can't connect to net in normal mode


18 replies to this topic

#1 j.mark

Posted 28 July 2011 - 11:43 PM

Cannot connect to internet in normal mode.
Internet connection in Safe Mode is intermittent and
almost impossible to download any large software.
Downloaded Cobian Backup but says there's "no engine" so
no back up.
Cannot find winnt32.exe
Downloaded DDS.
Rerunning GMER with IAT/EAT and Show All unchecked, but did not
see "Drives/Partitions other than Systemdrive" so can't uncheck.

Downloaded Spyhunter, the only program to find anything, which says;
2 infections, registry cleaner, spyshield, regreswiz.zip,
{spyshield}_372067.exe
{trojan.clicker.vesloruki}_Lame_enc.dll
{worm.rimecud.fy} combofix.exe
connects/sends to; hxxp://shponchik.com/gda/gate/data.php
hxxp://shponchik.com/gda/gate/r.php
Don't know if that's true or just Spyhunter wanting to sell
me a product.

Ready to give up and reformat but don't have original disks.
Still have limited net access in Safe Mode and access to
yahoo and gmail email accounts, when I can get on.
Have to continually run Network Connection Wizard but when
that doesn't work have to reboot into Safe Mode again and
start over, which is often.

No idea what virus, worm, trojan, whatever I picked up and would
like to visit the creator to put a live bat in his pajamas.

Seemed that certain keywords in google would freeze it.

Spent 90 minutes waiting for GMER to finish and no report?!
Will run it again tomorrow.
Here's the DDS log;

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 22:09:17 on 2011-07-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.588 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVirus\Adaware\AAWService.exe
C:\Program Files\AntiVirus\Adaware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [WinampAgent] "c:\program files\winamp\winamp2.73\winamp\Winampa.exe"
mRun: [VirtualCloneDrive] "g:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ClocX] c:\program files\clocx\ClocX.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [aswAhAScr.dll] "c:\program files\avast software\avast\aswregsvr.exe" "c:\program files\avast software\avast\AhAScr.dll"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\lunaba~1.lnk - c:\program files\lunabar\Lunabar.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\pandau~1.lnk - j:\panda usb vaccine\USBVaccine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{27A15771-A6D5-474A-B0B9-082B5D2AAA8F} : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{89E5A792-D88B-4866-9764-206B5D76516D} : NameServer = 68.116.46.115,24.205.192.61
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\varyf5vs.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPAXDLPI.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppdf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-29 394952]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\antivirus\adaware\AAWService.exe [2011-7-21 2151640]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-12-21 113896]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-26 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-26 309848]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-15 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-15 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-15 269480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-26 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-26 42184]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-15 61960]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-7-26 439632]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-5-17 735648]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2009-6-23 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2009-6-23 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2009-6-23 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2009-6-23 90880]
.
=============== Created Last 30 ================
.
2011-07-28 03:41:37 -------- d-----w- c:\program files\GMERLOG
2011-07-27 19:47:00 -------- d-----w- c:\program files\HPprinter
2011-07-27 19:42:22 1748384 ----a-w- c:\program files\HPSDU.exe.part
2011-07-27 02:49:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-27 02:32:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 02:32:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 02:32:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 00:02:54 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2011-07-26 23:19:17 -------- d-----w- c:\program files\QH
2011-07-26 22:39:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 22:39:32 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 21:40:03 -------- d-----w- c:\program files\WinPcap
2011-07-26 21:22:12 -------- d-----w- c:\program files\OKAY
2011-07-24 00:43:24 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-07-24 00:43:08 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconF7A21AF7.exe
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconD7F16134.exe
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconCF33A0CE.exe
2011-07-23 10:40:07 -------- d-----w- C:\sh4ldr
2011-07-23 10:40:06 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 07:07:54 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-23 06:59:14 -------- d-----w- c:\program files\ESET
2011-07-23 04:13:27 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2011-07-23 01:37:24 767952 ----a-w- c:\windows\BDTSupport.dll0719.old
2011-07-23 01:37:23 2029520 ----a-w- c:\windows\PCTBDCore.dll0719.old
2011-07-23 01:37:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0719.old
2011-07-23 01:07:05 -------- d-----w- c:\program files\PC Tools Security
2011-07-23 01:07:05 -------- d-----w- c:\program files\common files\PC Tools
2011-07-22 19:44:14 -------- d-sha-r- C:\cmdcons
2011-07-22 19:33:40 98816 ----a-w- c:\windows\sed.exe
2011-07-22 19:33:40 518144 ----a-w- c:\windows\SWREG.exe
2011-07-22 19:33:40 256000 ----a-w- c:\windows\PEV.exe
2011-07-22 19:33:40 208896 ----a-w- c:\windows\MBR.exe
2011-07-22 05:06:51 91190456 ----a-w- C:\RegistryBkup7-20-11.reg
2011-07-22 05:05:21 4980 ----a-w- C:\cc_20101015_185446[10-15-10backup].reg
2011-07-22 05:02:14 -------- d-----w- c:\program files\Registry-command
2011-07-22 00:35:28 -------- d-----w- c:\program files\BackUpDiskImagers
2011-07-21 22:27:56 -------- d-----w- c:\windows\system32\SysRestorebackup
2011-07-21 22:15:34 73472 ----a-w- c:\windows\system\sr.sys
2011-07-21 22:15:31 73472 ----a-w- c:\windows\system32\sr.sys
2011-07-21 20:38:10 85504 ----a-w- C:\Inherit.exe
2011-07-21 20:02:38 -------- d-----w- c:\program files\RegistryCleaner
2011-07-21 18:32:15 -------- d-----w- c:\program files\currentcontrolset
2011-07-21 17:41:40 -------- d-----w- c:\program files\REG_SZ
2011-07-21 15:23:10 -------- d-----w- c:\program files\SystemRestore
2011-07-21 07:57:04 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2011-07-18 22:06:29 1130047 ----a-w- c:\program files\KillBoxINS.exe
2011-07-17 02:24:25 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-17 02:24:22 -------- d-----w- c:\program files\Trend Micro
2011-07-16 21:59:31 -------- d-----w- c:\program files\Uninstaller
2011-07-16 05:36:32 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-07-16 05:32:11 -------- d-----w- c:\program files\Uninstallers
2011-07-16 05:09:05 -------- d-----w- c:\documents and settings\administrator\application data\Avira
2011-07-16 04:59:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-16 04:58:08 -------- d-----w- c:\program files\Avira
2011-07-16 04:58:08 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-07-15 00:55:48 -------- d-----w- c:\program files\Trojan Remover
2011-07-15 00:17:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-15 00:17:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-14 23:30:00 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2010-07-26 22:34:26 309314 ----a-w- c:\program files\K-Lite_Codec_Pack_620_Basic.exe
.
============= FINISH: 22:10:06.34 ===============

Edited by Orange Blossom, 05 August 2011 - 12:39 AM.


#2 HelpBot

Posted 07 August 2011 - 11:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411863 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 j.mark

Posted 08 August 2011 - 04:00 AM

Still need help.
Windoze XP Pro 32 bit, 40 gig HD
Cannot connect to internet in normal mode.
Internet connection in Safe Mode is intermittent and
almost impossible to download any large software.
Downloaded Cobian Backup but says there's "no engine" so
no back up.
Cannot find winnt32.exe
Downloaded DDS.
Rerunning GMER with IAT/EAT and Show All unchecked, but did not
see "Drives/Partitions other than Systemdrive".

Downloaded Spyhunter, the only program to find anything, which says;
2 infections, registry cleaner, spyshield, regreswiz.zip,
{spyshield}_372067.exe
{trojan.clicker.vesloruki}_Lame_enc.dll
{worm.rimecud.fy} combofix.exe
connects/sends to; http://shponchik.com/gda/gate/data.php
http://shponchik.com/gda/gate/r.php

Ready to give up and reformat but don't have original disks.
Still have limited net access in Safe Mode and access to
yahoo and gmail email accounts, when I can get on.
Have to continually run Network Connection Wizard but when
that doesn't work have to reboot into Safe Mode again and
start over, which is often.

Only generic versions of some icons in normal mode and a few
older programs won't run.

Here's today's DDS & GMER logs;

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Administrator at 23:49:58 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.648 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Documents and Settings\Administrator\Desktop\dds.com
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [VirtualCloneDrive] "g:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ClocX] c:\program files\clocx\ClocX.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SnoopFreeUI] SnoopFreeUI.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\lunaba~1.lnk - c:\program files\lunabar\Lunabar.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\pandau~1.lnk - j:\panda usb vaccine\USBVaccine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {89E5A792-D88B-4866-9764-206B5D76516D} = 68.116.46.115,24.205.192.61
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\varyf5vs.default\
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\varyf5vs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPAXDLPI.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppdf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2011-7-30 9472]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-26 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-29 394952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-26 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-26 42184]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-5-17 735648]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-12-21 225856]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\antivirus\adaware\AAWService.exe [2011-7-21 2151640]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2009-6-23 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2009-6-23 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2009-6-23 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2009-6-23 90880]
.
=============== Created Last 30 ================
.
2011-08-02 00:27:26 4608744 ----a-w- C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2011-08-01 23:43:37 2585872 ----a-w- C:\WindowsInstaller-KB893803-v2-x86.exe
2011-08-01 23:41:57 1214120 ----a-w- C:\EWBackup_1-1-1006_dwn.exe
2011-08-01 23:33:22 793600 ----a-w- C:\ntbackup.msi
2011-08-01 06:39:08 -------- d-----w- c:\documents and settings\administrator\application data\Runscanner.net
2011-08-01 06:07:00 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-08-01 06:07:00 -------- d-----w- c:\program files\SpywareBlaster
2011-08-01 05:57:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-08-01 05:56:30 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-01 05:35:09 -------- d-----w- c:\program files\UPHClean
2011-08-01 04:08:13 -------- d-----w- C:\EVENTLOGS
2011-08-01 02:13:08 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-07-31 23:47:58 -------- d-----w- c:\program files\VS Revo Group
2011-07-31 23:16:18 -------- d-----w- c:\program files\COMODO
2011-07-31 23:04:44 -------- d-----w- C:\EnhanceSecurityXP2
2011-07-31 22:31:22 -------- d-----w- C:\Disconnects
2011-07-31 22:03:20 -------- d-----w- c:\program files\IPaddresses
2011-07-31 20:37:15 -------- d-----w- c:\program files\MSBLASTVIRUS
2011-07-31 20:29:20 -------- d-----w- c:\program files\NetworkConnectionWizardProblems
2011-07-31 20:21:23 -------- d-----w- c:\program files\TUThelp
2011-07-31 19:16:12 124688 ----a-w- c:\windows\system32\MSWinSck.ocx
2011-07-31 19:16:10 614400 ----a-w- c:\windows\system32\ExButton.dll
2011-07-31 19:16:10 602112 ----a-w- c:\windows\system32\ExMenu.dll
2011-07-31 19:16:10 516096 ----a-w- c:\windows\system32\ExTab.dll
2011-07-31 19:16:10 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2011-07-31 19:16:10 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2011-07-31 19:16:09 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-07-31 19:16:09 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2011-07-31 19:16:09 118784 ----a-w- c:\windows\system32\eWebControl.dll
2011-07-31 19:16:09 -------- d-----w- c:\program files\common files\eSellerate
2011-07-31 19:16:08 -------- d-----w- c:\program files\AnswersThatWork
2011-07-31 08:28:28 -------- d-----w- C:\threatreport
2011-07-31 05:10:02 -------- d-----w- c:\program files\Ashampoo
2011-07-31 04:35:43 -------- d-----w- c:\program files\Startup
2011-07-30 22:06:19 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
2011-07-30 22:06:19 -------- d-----w- c:\documents and settings\administrator\application data\QFX Software
2011-07-30 21:48:21 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2011-07-30 21:48:21 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2011-07-30 21:48:21 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2011-07-30 21:48:21 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2011-07-30 06:11:07 -------- d-----w- c:\program files\aswMBR
2011-07-30 04:11:03 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera
2011-07-30 03:41:09 10307728 ----a-w- c:\program files\Opera_1150_int_Setup.exe
2011-07-29 22:36:36 -------- d-----w- c:\program files\fixbug
2011-07-29 04:33:36 -------- d-----w- c:\program files\Firefox
2011-07-29 02:08:16 -------- d-----w- C:\Bleepingcomputer.com
2011-07-29 00:25:39 -------- d-----w- c:\program files\HowToCleanMalware
2011-07-29 00:23:58 -------- d-----w- c:\program files\ReinstallXP
2011-07-28 23:45:00 -------- d-----w- c:\program files\BackupInfo
2011-07-28 21:53:04 -------- d-----w- c:\program files\Backup
2011-07-28 03:41:37 -------- d-----w- c:\program files\GMERLOG
2011-07-27 19:47:00 -------- d-----w- c:\program files\HPprinter
2011-07-27 19:42:22 1748384 ----a-w- c:\program files\HPSDU.exe.part
2011-07-27 02:49:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-27 02:32:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 02:32:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 02:32:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 00:02:54 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2011-07-26 23:19:17 -------- d-----w- c:\program files\QH
2011-07-26 22:39:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 22:39:32 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 21:40:03 -------- d-----w- c:\program files\WinPcap
2011-07-26 21:22:12 -------- d-----w- c:\program files\OKAY
2011-07-24 00:43:24 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-07-24 00:43:08 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconF7A21AF7.exe
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconD7F16134.exe
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconCF33A0CE.exe
2011-07-23 10:40:07 -------- d-----w- C:\sh4ldr
2011-07-23 10:40:06 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 07:07:54 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-23 06:59:14 -------- d-----w- c:\program files\ESET
2011-07-23 04:13:27 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2011-07-23 01:37:24 767952 ----a-w- c:\windows\BDTSupport.dll0719.old
2011-07-23 01:37:23 2029520 ----a-w- c:\windows\PCTBDCore.dll0719.old
2011-07-23 01:37:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0719.old
2011-07-23 01:07:05 -------- d-----w- c:\program files\common files\PC Tools
2011-07-22 19:44:14 -------- d-sha-r- C:\cmdcons
2011-07-22 19:33:40 98816 ----a-w- c:\windows\sed.exe
2011-07-22 19:33:40 518144 ----a-w- c:\windows\SWREG.exe
2011-07-22 19:33:40 256000 ----a-w- c:\windows\PEV.exe
2011-07-22 19:33:40 208896 ----a-w- c:\windows\MBR.exe
2011-07-22 05:06:51 91190456 ----a-w- C:\RegistryBkup7-20-11.reg
2011-07-22 05:05:21 4980 ----a-w- C:\cc_20101015_185446[10-15-10backup].reg
2011-07-22 05:02:14 -------- d-----w- c:\program files\Registry-command
2011-07-22 00:35:28 -------- d-----w- c:\program files\BackUpDiskImagers
2011-07-21 22:27:56 -------- d-----w- c:\windows\system32\SysRestorebackup
2011-07-21 22:15:34 73472 ----a-w- c:\windows\system\sr.sys
2011-07-21 22:15:31 73472 ----a-w- c:\windows\system32\sr.sys
2011-07-21 20:38:10 85504 ----a-w- C:\Inherit.exe
2011-07-21 20:02:38 -------- d-----w- c:\program files\RegistryCleaner
2011-07-21 18:32:15 -------- d-----w- c:\program files\currentcontrolset
2011-07-21 17:41:40 -------- d-----w- c:\program files\REG_SZ
2011-07-21 15:23:10 -------- d-----w- c:\program files\SystemRestore
2011-07-21 07:57:04 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2011-07-18 22:06:29 1130047 ----a-w- c:\program files\KillBoxINS.exe
2011-07-17 02:24:25 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-17 02:24:22 -------- d-----w- c:\program files\Trend Micro
2011-07-16 21:59:31 -------- d-----w- c:\program files\Uninstaller
2011-07-16 05:36:32 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-07-16 05:32:11 -------- d-----w- c:\program files\Uninstallers
2011-07-16 04:58:08 -------- d-----w- c:\program files\Avira
2011-07-15 00:55:48 -------- d-----w- c:\program files\Trojan Remover
2011-07-15 00:17:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-15 00:17:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-14 23:30:00 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2010-07-26 22:34:26 309314 ----a-w- c:\program files\K-Lite_Codec_Pack_620_Basic.exe
.
============= FINISH: 23:51:09.21 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-08 01:34:53
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400JB-00ETA0 rev.77.07W77
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfaiyaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEE93B202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEE9A1D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEE95F6C1]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xEEB1B040]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEE93D7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEE93D848]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xEEB17930]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEE93D95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEE95F075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEE93D746]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xEEB1B510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xEEB21870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xEEB21AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xEEB24FD0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEE93D79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEE93D90C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xEEB1B600]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEE93B226]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xEEB17F20]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEE95FD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEE96003D]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xEEB21580]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE95FBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE95FA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEE9A1E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEE93AFF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xEEB238B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEE93B24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEE93DD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEE93BCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEE93D820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEE93D870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xEEB17D70]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEE93D988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEE95F3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEE93D772]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xEEB21350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEE93D8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEE93D7C8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xEEB21150]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEE93D936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEE9A1ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEE95F8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEE93BBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEE95F72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEE9AA10E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xEEB23CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xEEB1AC00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEE95E6E8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xEEB1B220]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEE93B26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEE93B292]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xEEB18120]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEE93B04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEE93B186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEE95FE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEE93B162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEE93B1AA]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xEEB21CD0]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEDEC275C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEE93B2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 102 804E495C 16 Bytes [F0, D7, 93, EE, 48, D8, 93, ...]
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [10, B5, B1, EE, 70, 18, B2, ...]
.text ntoskrnl.exe!ZwYieldExecution + 16A 804E49C4 12 Bytes [26, B2, 93, EE, 20, 7F, B1, ...]
.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 16 Bytes [20, D8, 93, EE, 70, D8, 93, ...] {AND AL, BL; XCHG EBX, EAX; OUT DX, AL ; JO 0xffffffffffffffde; XCHG EBX, EAX; OUT DX, AL ; JO 0x87; MOV CL, 0xee; MOV CL, BL; XCHG EBX, EAX; OUT DX, AL }
.text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4C00 4 Bytes [E8, E6, 95, EE]
.text ...
PAGE ntoskrnl.exe!ObInsertObject 8056CBBF 5 Bytes JMP EE9B47F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8057570E 4 Bytes CALL EE93C335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A80B6 5 Bytes JMP EE9B2D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\WINDOWS\system32\drivers\SnopFree.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified. !
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP EE93ECA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP EE93EBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP EE93DF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP EE93EE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP EE93EB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP EE93F014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP EE93DFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP EE93DE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP EE93E180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP EE93E326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP EE93EBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP EE93E2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP EE93ED54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP EE93DE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP EE93EF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP EE93E03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP EE93E0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP EE93E0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP EE93DD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP EE93DEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP EE93E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP EE93E440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP EE93EECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[244] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[244] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[244] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[264] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[584] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[708] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[708] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[708] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\hkcmd.exe[824] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\hkcmd.exe[824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\hkcmd.exe[824] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\hkcmd.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\hkcmd.exe[824] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\WINDOWS\System32\hkcmd.exe[824] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\hkcmd.exe[824] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\WINDOWS\System32\hkcmd.exe[824] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\WINDOWS\System32\hkcmd.exe[824] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\hkcmd.exe[824] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\igfxpers.exe[836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\igfxpers.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\igfxpers.exe[836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\igfxpers.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\igfxpers.exe[836] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\WINDOWS\System32\igfxpers.exe[836] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\igfxpers.exe[836] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\WINDOWS\System32\igfxpers.exe[836] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\WINDOWS\System32\igfxpers.exe[836] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\igfxpers.exe[836] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\smss.exe[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[984] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1220] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1252] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1256] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1440] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1472] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1472] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1472] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003A1014
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003A0E10
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1548] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
.text G:\Program[1572] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text G:\Program[1572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text G:\Program[1572] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text G:\Program[1572] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text G:\Program[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003A1014
.text G:\Program[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003A0804
.text G:\Program[1572] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003A0A08
.text G:\Program[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003A0C0C
.text G:\Program[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003A0E10
.text G:\Program[1572] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003A01F8
.text G:\Program[1572] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003A03FC
.text G:\Program[1572] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003A0600
.text G:\Program[1572] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003B0A08
.text G:\Program[1572] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003B0804
.text G:\Program[1572] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003B0600
.text G:\Program[1572] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003B01F8
.text G:\Program[1572] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\SnoopFreeSvc.exe[1584] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00611014
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00610804
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00610A08
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00610C0C
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00610E10
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 006101F8
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 006103FC
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00610600
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00620A08
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00620804
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!SetWindowsHookExA 77D611E9 3 Bytes JMP 00620600
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!SetWindowsHookExA + 4 77D611ED 1 Byte [88]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!SetWinEventHook 77D617C8 3 Bytes JMP 006201F8
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!SetWinEventHook + 4 77D617CC 1 Byte [88]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[1692] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 006203FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXPPS.EXE[1792] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[1880] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[1948] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1948] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1948] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[1948] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[1948] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1948] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1948] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1948] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1948] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\Program Files\ClocX\ClocX.exe[2064] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\ClocX\ClocX.exe[2064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\ClocX\ClocX.exe[2064] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\ClocX\ClocX.exe[2064] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\ClocX\ClocX.exe[2064] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\ClocX\ClocX.exe[2064] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\ClocX\ClocX.exe[2064] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\ClocX\ClocX.exe[2064] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\ClocX\ClocX.exe[2064] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00391014
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00390804
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00390A08
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00390C0C
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00390E10
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003901F8
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003903FC
.text C:\Program Files\ClocX\ClocX.exe[2064] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00390600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2104] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC
.text C:\WINDOWS\System32\wdfmgr.exe[2312] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\wdfmgr.exe[2312] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\wdfmgr.exe[2312] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\wdfmgr.exe[2312] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\wdfmgr.exe[2312] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\wdfmgr.exe[2312] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\wdfmgr.exe[2312] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\Program Files\UPHClean\uphclean.exe[2424] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\UPHClean\uphclean.exe[2424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\UPHClean\uphclean.exe[2424] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\UPHClean\uphclean.exe[2424] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\SnoopFreeUI.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\WINDOWS\SnoopFreeUI.exe[2480] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\WINDOWS\SnoopFreeUI.exe[2480] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\WINDOWS\SnoopFreeUI.exe[2480] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\WINDOWS\SnoopFreeUI.exe[2480] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\WINDOWS\SnoopFreeUI.exe[2480] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\WINDOWS\SnoopFreeUI.exe[2480] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wscntfy.exe[3080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3080] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3080] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3080] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wscntfy.exe[3080] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wscntfy.exe[3080] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wscntfy.exe[3080] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wscntfy.exe[3080] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[3080] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002D0600
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00380A08
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00380804
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00380600
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003801F8
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003803FC
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00391014
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00390804
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00390A08
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00390C0C
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00390E10
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003901F8
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003903FC
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[3100] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00390600
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003B1014
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003B0804
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003B0A08
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003B0C0C
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003B0E10
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003B01F8
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003B03FC
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003B0600
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003C0A08
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003C0804
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003C0600
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003C01F8
.text C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe[3216] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003C03FC
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Lunabar\Lunabar.exe[3312] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Lunabar\Lunabar.exe[3312] ADVAPI32.DLL!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Lunabar\Lunabar.exe[3312] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08
.text C:\Program Files\Lunabar\Lunabar.exe[3312] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804
.text C:\Program Files\Lunabar\Lunabar.exe[3312] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600
.text C:\Program Files\Lunabar\Lunabar.exe[3312] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8
.text C:\Program Files\Lunabar\Lunabar.exe[3312] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[3412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[3412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3596] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3596] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3596] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\alg.exe[3596] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\alg.exe[3596] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\alg.exe[3596] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\alg.exe[3596] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3596] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\NOTEPAD.EXE[4012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4012] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Processes - GMER 1.0.15 ----


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C6141F8-733B-0D7F-591B-709D231A991C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C6141F8-733B-0D7F-591B-709D231A991C}@jabplhcaiepbpabjecnm 0x62 0x61 0x62 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C6141F8-733B-0D7F-591B-709D231A991C}@iabmgffbdhjnpccfjh 0x6B 0x61 0x69 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C6141F8-733B-0D7F-591B-709D231A991C}@jabplhcaiepbpabjecjm 0x62 0x61 0x6E 0x69 ...

---- EOF - GMER 1.0.15 ----

#4 shelf life

  • Malware Response Team

Posted 08 August 2011 - 06:43 PM

Hi j.mark,

We will get a download to use. There is a guide to read first. You can read it on another machine if that is easier. Read through the guide. Download ComboFix to the compromised machine. You can run it in Safe Mode with Networking so it can install the Recovery Console before it runs. Post the log once ComboFix is done.


Guide to using Combofix

How Can I Reduce My Risk to Malware?


#5 j.mark

  • Topic Starter

Posted 09 August 2011 - 10:56 AM

Combo Fix says Avast was still on, but Avast says it ain't.
Guess I should have uninstalled it before running CF.
Here's the log. What's next?
Thanks

ComboFix 11-08-08.03 - Administrator 08/09/2011 1:13.7.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.618 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\messenger\msmsgsin.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 05:52 . 2011-08-09 05:52 720288 ----a-w- c:\program files\Mozilla Firefox\install_reader10_en_air_mssa_aih.exe
2011-08-02 00:27 . 2011-08-02 00:29 4608744 ----a-w- C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2011-08-01 23:43 . 2011-08-01 23:45 2585872 ----a-w- C:\WindowsInstaller-KB893803-v2-x86.exe
2011-08-01 23:41 . 2011-08-01 23:43 1214120 ----a-w- C:\EWBackup_1-1-1006_dwn.exe
2011-08-01 23:33 . 2011-08-01 23:36 793600 ----a-w- C:\ntbackup.msi
2011-08-01 06:39 . 2011-08-01 06:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Runscanner.net
2011-08-01 06:07 . 2011-08-01 06:07 -------- d-----w- c:\program files\SpywareBlaster
2011-08-01 06:07 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-08-01 05:57 . 2011-08-01 05:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-01 05:56 . 2011-08-01 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-01 05:35 . 2011-08-01 05:35 -------- d-----w- c:\program files\UPHClean
2011-08-01 04:08 . 2011-08-02 00:12 -------- d-----w- C:\EVENTLOGS
2011-08-01 02:13 . 2011-08-01 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-07-31 23:47 . 2011-07-31 23:47 -------- d-----w- c:\program files\VS Revo Group
2011-07-31 23:16 . 2011-07-31 23:50 -------- d-----w- c:\program files\COMODO
2011-07-31 23:04 . 2011-07-31 23:04 -------- d-----w- C:\EnhanceSecurityXP2
2011-07-31 22:31 . 2011-07-31 22:36 -------- d-----w- C:\Disconnects
2011-07-31 22:03 . 2011-07-31 22:03 -------- d-----w- c:\program files\IPaddresses
2011-07-31 20:37 . 2011-07-31 21:32 -------- d-----w- c:\program files\MSBLASTVIRUS
2011-07-31 20:29 . 2011-07-31 20:32 -------- d-----w- c:\program files\NetworkConnectionWizardProblems
2011-07-31 20:21 . 2011-07-31 20:25 -------- d-----w- c:\program files\TUThelp
2011-07-31 19:16 . 2004-03-09 07:00 124688 ----a-w- c:\windows\system32\MSWinSck.ocx
2011-07-31 19:16 . 2007-06-08 19:53 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2011-07-31 19:16 . 2007-06-05 16:20 602112 ----a-w- c:\windows\system32\ExMenu.dll
2011-07-31 19:16 . 2007-06-05 16:19 516096 ----a-w- c:\windows\system32\ExTab.dll
2011-07-31 19:16 . 2007-04-03 22:51 614400 ----a-w- c:\windows\system32\ExButton.dll
2011-07-31 19:16 . 2007-04-03 22:51 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2011-07-31 19:16 . 2011-07-31 19:16 -------- d-----w- c:\program files\Common Files\eSellerate
2011-07-31 19:16 . 2005-10-11 20:40 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2011-07-31 19:16 . 2005-10-04 14:11 118784 ----a-w- c:\windows\system32\eWebControl.dll
2011-07-31 19:16 . 1998-04-24 06:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-07-31 19:16 . 2011-07-31 19:16 -------- d-----w- c:\program files\AnswersThatWork
2011-07-31 08:28 . 2011-07-31 08:32 -------- d-----w- C:\threatreport
2011-07-31 05:10 . 2011-07-31 05:10 -------- d-----w- c:\program files\Ashampoo
2011-07-31 04:35 . 2011-07-31 05:05 -------- d-----w- c:\program files\Startup
2011-07-30 22:06 . 2011-07-30 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\QFX Software
2011-07-30 22:06 . 2011-07-30 22:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\QFX Software
2011-07-30 21:48 . 2011-08-01 22:16 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2011-07-30 21:48 . 2011-08-01 22:16 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2011-07-30 21:48 . 2011-08-01 22:16 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2011-07-30 21:48 . 2011-08-01 22:16 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2011-07-30 06:11 . 2011-07-30 06:11 -------- d-----w- c:\program files\aswMBR
2011-07-30 04:11 . 2011-07-30 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2011-07-30 04:10 . 2011-07-30 04:10 -------- d-----w- c:\program files\Opera
2011-07-29 22:36 . 2011-07-29 22:38 -------- d-----w- c:\program files\fixbug
2011-07-29 04:33 . 2011-07-29 04:43 -------- d-----w- c:\program files\Firefox
2011-07-29 02:08 . 2011-07-30 02:46 -------- d-----w- C:\Bleepingcomputer.com
2011-07-29 00:25 . 2011-07-29 00:30 -------- d-----w- c:\program files\HowToCleanMalware
2011-07-29 00:23 . 2011-07-29 00:34 -------- d-----w- c:\program files\ReinstallXP
2011-07-28 23:45 . 2011-07-29 00:14 -------- d-----w- c:\program files\BackupInfo
2011-07-28 21:53 . 2011-08-02 07:42 -------- d-----w- c:\program files\Backup
2011-07-28 03:41 . 2011-07-28 03:42 -------- d-----w- c:\program files\GMERLOG
2011-07-27 19:47 . 2011-07-29 21:47 -------- d-----w- c:\program files\HPprinter
2011-07-27 19:42 . 2011-07-27 19:50 1748384 ----a-w- c:\program files\HPSDU.exe.part
2011-07-27 05:39 . 2011-07-27 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-07-27 02:49 . 2011-07-27 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-27 02:32 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 02:32 . 2011-07-27 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 02:32 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 00:02 . 2011-07-27 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-07-26 23:19 . 2011-07-27 00:11 -------- d-----w- c:\program files\QH
2011-07-26 22:39 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-26 22:39 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-26 22:39 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-26 22:39 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-26 22:39 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 22:39 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-26 22:39 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-26 22:39 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-26 22:39 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 22:39 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-26 21:40 . 2011-07-26 21:40 -------- d-----w- c:\program files\WinPcap
2011-07-26 21:22 . 2011-07-26 21:26 -------- d-----w- c:\program files\OKAY
2011-07-24 00:43 . 2011-07-24 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-07-24 00:43 . 2011-08-01 06:55 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-24 00:43 . 2011-07-24 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-07-23 10:40 . 2011-07-23 10:40 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}\IconF7A21AF7.exe
2011-07-23 10:40 . 2011-07-23 10:40 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}\IconD7F16134.exe
2011-07-23 10:40 . 2011-07-23 10:40 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}\IconCF33A0CE.exe
2011-07-23 10:40 . 2011-07-23 10:40 -------- d-----w- C:\sh4ldr
2011-07-23 10:40 . 2011-07-23 10:40 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 07:07 . 2011-07-23 07:07 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-23 06:59 . 2011-07-23 06:59 -------- d-----w- c:\program files\ESET
2011-07-23 04:13 . 2011-08-01 05:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2011-07-23 01:37 . 2011-07-01 22:36 767952 ----a-w- c:\windows\BDTSupport.dll0719.old
2011-07-23 01:37 . 2011-07-01 22:36 149456 ----a-w- c:\windows\SGDetectionTool.dll0719.old
2011-07-23 01:37 . 2011-07-01 22:36 2029520 ----a-w- c:\windows\PCTBDCore.dll0719.old
2011-07-23 01:07 . 2011-08-01 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-22 05:06 . 2011-07-21 22:57 91190456 ----a-w- C:\RegistryBkup7-20-11.reg
2011-07-22 05:05 . 2010-10-16 01:55 4980 ----a-w- C:\cc_20101015_185446[10-15-10backup].reg
2011-07-22 05:02 . 2011-07-22 06:51 -------- d-----w- c:\program files\Registry-command
2011-07-22 00:35 . 2011-07-22 03:04 -------- d-----w- c:\program files\BackUpDiskImagers
2011-07-21 22:27 . 2011-07-21 22:47 -------- d-----w- c:\windows\system32\SysRestorebackup
2011-07-21 22:15 . 2004-08-04 06:06 73472 ----a-w- c:\windows\system\sr.sys
2011-07-21 22:15 . 2004-08-04 06:06 73472 ----a-w- c:\windows\system32\sr.sys
2011-07-21 20:38 . 2011-07-21 20:38 85504 ----a-w- C:\Inherit.exe
2011-07-21 20:02 . 2011-07-21 20:02 -------- d-----w- c:\program files\RegistryCleaner
2011-07-21 18:32 . 2011-07-21 19:08 -------- d-----w- c:\program files\currentcontrolset
2011-07-21 17:41 . 2011-08-01 22:06 -------- d-----w- c:\program files\REG_SZ
2011-07-21 15:23 . 2011-08-01 03:12 -------- d-----w- c:\program files\SystemRestore
2011-07-21 07:57 . 2011-07-21 07:57 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-07-18 22:06 . 2011-07-18 22:06 1130047 ----a-w- c:\program files\KillBoxINS.exe
2011-07-17 02:24 . 2011-07-17 02:24 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-17 02:24 . 2011-08-01 22:30 -------- d-----w- c:\program files\Trend Micro
2011-07-16 21:59 . 2011-07-16 22:02 -------- d-----w- c:\program files\Uninstaller
2011-07-16 05:36 . 2011-08-01 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-16 04:58 . 2011-08-02 00:04 -------- d-----w- c:\program files\Avira
2011-07-15 00:55 . 2011-07-15 00:55 -------- d-----w- c:\program files\Trojan Remover
2011-07-15 00:17 . 2011-07-15 00:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-14 23:30 . 2011-07-14 23:30 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 22:34 . 2010-08-01 00:52 309314 ----a-w- c:\program files\K-Lite_Codec_Pack_620_Basic.exe
2011-04-14 16:26 . 2011-05-22 00:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_20.00.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2009-05-22 05:46 . 2009-05-22 05:46 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 53299 c:\windows\system32\pthreadVC.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 50704 c:\windows\system32\drivers\npf.sys
+ 2011-07-27 05:40 . 2011-08-08 18:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-29 01:36 . 2011-07-16 18:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-29 01:36 . 2011-08-08 18:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-05 17:30 . 2011-08-08 18:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-01 05:35 . 2011-08-01 05:35 25214 c:\windows\Installer\{7D15B945-2725-4443-AB3F-D900556612FE}\_6FEFF9B68218417F98F549.exe
+ 2011-08-02 22:15 . 2011-08-02 22:20 23126 c:\windows\hpqins15.dat
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 05:14 . 2009-07-12 05:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 281104 c:\windows\system32\wpcap.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 100880 c:\windows\system32\Packet.dll
+ 2008-12-22 03:18 . 2011-04-24 22:14 225856 c:\windows\system32\drivers\keyscrambler.sys
+ 2011-08-01 22:46 . 2011-08-01 22:46 262144 c:\windows\system32\default_user_class.dat
+ 2011-08-01 05:35 . 2011-08-01 05:35 261632 c:\windows\Installer\6cd19.msi
+ 2011-07-23 01:07 . 2011-07-23 01:07 228352 c:\windows\Installer\34c04c.msi
+ 2011-08-02 22:17 . 2011-08-02 22:17 855040 c:\windows\Installer\1e7342.msi
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2011-07-27 05:39 . 2011-07-27 05:39 5157376 c:\windows\Installer\daa81d.msi
+ 2011-07-23 10:40 . 2011-07-23 10:40 2905088 c:\windows\Installer\d3e8ba.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SnoopFreeUI"="SnoopFreeUI.exe" [2011-08-01 221184]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Lunabar Taskbar Icon.lnk - c:\program files\Lunabar\Lunabar.exe [2008-12-11 369152]
PandaUSBVaccine.lnk - j:\panda usb vaccine\USBVaccine.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AstroClock.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\AstroClock.lnk
backup=c:\windows\pss\AstroClock.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Pophr.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Pophr.exe
backup=c:\windows\pss\Pophr.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PopHR.INI]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\PopHR.INI
backup=c:\windows\pss\PopHR.INIStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 22:26 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3Center]
2010-10-17 18:18 1859584 ----a-w- c:\program files\Zortam Mp3 Center\zortammc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"mnmsrvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\AntiVirus\Adaware\AAWService.exe [7/21/2011 2:59 PM 2151640]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/21/2008 8:18 PM 225856]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/26/2011 3:39 PM 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/26/2011 3:39 PM 309848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/26/2011 3:39 PM 19544]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/17/2011 5:45 PM 735648]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 9:57 AM 13904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 7:33 AM 237008]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [6/23/2009 8:46 PM 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [6/23/2009 8:46 PM 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [6/23/2009 8:46 PM 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [6/23/2009 8:46 PM 90880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\AntiVirus\Adaware\Ad-AwareAdmin.exe [2011-07-21 21:59]
.
2011-08-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-05-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
TCP: Interfaces\{89E5A792-D88B-4866-9764-206B5D76516D}: NameServer = 68.116.46.115,24.205.192.61
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\varyf5vs.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-VirtualCloneDrive - g:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
MSConfigStartUp-AnyDVD - g:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
MSConfigStartUp-NBKeyScan - g:\nero 8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Spyware Doctor with AntiVirus - c:\documents and settings\Administrator\Desktop\sdasetup.exe
AddRemove-AnyDVD - g:\program files\SlySoft\AnyDVD\AnyDVD-uninst.exe
AddRemove-CloneDVD2 - g:\program files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe
AddRemove-VirtualCloneDrive - g:\program files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe
AddRemove-VLC media player - g:\program files\VideoLAN\VLC\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 01:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-08-09 01:25:11
ComboFix-quarantined-files.txt 2011-08-09 08:25
ComboFix2.txt 2011-08-01 05:53
ComboFix3.txt 2011-07-27 17:24
ComboFix4.txt 2011-07-26 22:15
ComboFix5.txt 2011-08-09 08:11
.
Pre-Run: 7,988,584,448 bytes free
Post-Run: 8,056,209,408 bytes free
.
- - End Of File - - 588BBE23043F4B4A8090CFBAEB8F8766

#6 shelf life


  • Malware Response Team
  • 2,682 posts
  • Gender:Male
  • Location:@localhost

Posted 09 August 2011 - 04:20 PM

We will use ComboFix to remove a file.

Click Start, then Run, type Notepad and click OK.
Copy/paste the text in the code box below into Notepad:

Driver::
SjyPkt
File::
c:\windows\system32\drivers


Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved (CFScript.txt) and the ComboFix icon, both on your desktop.
Using your mouse, drag the CFScript right on top of the ComboFix icon and release. ComboFix will run and produce a new log.
Please post the new ComboFix log. See if you can get on the internet normally.

Edited by shelf life, 09 August 2011 - 04:39 PM.

How Can I Reduce My Risk to Malware?


#7 j.mark

  • Topic Starter

  • Members
  • 10 posts

Posted 10 August 2011 - 12:04 AM

Was able to access internet in normal mode.

I'd think it odd that ZoneAlarm would suddenly start making problems
when I've done nothing with it for so long.

When attempting to start a desktop icon (Astrodamus) I get the following;

16 bit Windows Subsystem [in header]
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll An installable Virtual
Device Driver failed Dll initialization. Choose 'Close' to terminate the application.

Attempted to open "You Birth Horoscope" and got the same message, but this time
clicked the Ignore button and it started. So went back to Astrodamus and clicked
the icon and it started.

And an Avast window popped open saying it had updated and I swore I turned it off.
ComboFix also told me it was still on when I know I turned it off.

I'm not sure everything is resolved, but if it is, could it be due to running
ComboFix several times?

I saved CFScript.txt to Desktop and will drag to ComboFix and run it again.

#8 j.mark

  • Topic Starter

  • Members
  • 10 posts

Posted 10 August 2011 - 03:11 AM

Accessing internet okay.
Notice every time I open the file manager, I mean
Windows Explorer (I renamed it), a smart web printing window
opens and attempts to install, which I have to cancel twice,
but even if I let it proceed the install is unsuccessful.
What file did we just delete and why?

Here's the ComboFix log:

ComboFix 11-08-08.03 - Administrator 08/10/2011 0:23.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.574 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\system32\drivers"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SJYPKT
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 06:32 . 2011-08-10 06:32 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-10 05:39 . 2011-08-10 05:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2011-08-09 05:52 . 2011-08-09 05:52 720288 ----a-w- c:\program files\Mozilla Firefox\install_reader10_en_air_mssa_aih.exe
2011-08-02 00:27 . 2011-08-02 00:29 4608744 ----a-w- C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2011-08-01 23:43 . 2011-08-01 23:45 2585872 ----a-w- C:\WindowsInstaller-KB893803-v2-x86.exe
2011-08-01 23:41 . 2011-08-01 23:43 1214120 ----a-w- C:\EWBackup_1-1-1006_dwn.exe
2011-08-01 23:33 . 2011-08-01 23:36 793600 ----a-w- C:\ntbackup.msi
2011-08-01 06:39 . 2011-08-01 06:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Runscanner.net
2011-08-01 06:07 . 2011-08-01 06:07 -------- d-----w- c:\program files\SpywareBlaster
2011-08-01 06:07 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-08-01 05:57 . 2011-08-01 05:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-01 05:56 . 2011-08-01 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-01 05:35 . 2011-08-01 05:35 -------- d-----w- c:\program files\UPHClean
2011-08-01 04:08 . 2011-08-02 00:12 -------- d-----w- C:\EVENTLOGS
2011-08-01 02:13 . 2011-08-01 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-07-31 23:47 . 2011-07-31 23:47 -------- d-----w- c:\program files\VS Revo Group
2011-07-31 23:16 . 2011-07-31 23:50 -------- d-----w- c:\program files\COMODO
2011-07-31 23:04 . 2011-07-31 23:04 -------- d-----w- C:\EnhanceSecurityXP2
2011-07-31 22:31 . 2011-07-31 22:36 -------- d-----w- C:\Disconnects
2011-07-31 22:03 . 2011-07-31 22:03 -------- d-----w- c:\program files\IPaddresses
2011-07-31 20:37 . 2011-07-31 21:32 -------- d-----w- c:\program files\MSBLASTVIRUS
2011-07-31 20:29 . 2011-07-31 20:32 -------- d-----w- c:\program files\NetworkConnectionWizardProblems
2011-07-31 20:21 . 2011-07-31 20:25 -------- d-----w- c:\program files\TUThelp
2011-07-31 19:16 . 2004-03-09 07:00 124688 ----a-w- c:\windows\system32\MSWinSck.ocx
2011-07-31 19:16 . 2007-06-08 19:53 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2011-07-31 19:16 . 2007-06-05 16:20 602112 ----a-w- c:\windows\system32\ExMenu.dll
2011-07-31 19:16 . 2007-06-05 16:19 516096 ----a-w- c:\windows\system32\ExTab.dll
2011-07-31 19:16 . 2007-04-03 22:51 614400 ----a-w- c:\windows\system32\ExButton.dll
2011-07-31 19:16 . 2007-04-03 22:51 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2011-07-31 19:16 . 2011-07-31 19:16 -------- d-----w- c:\program files\Common Files\eSellerate
2011-07-31 19:16 . 2005-10-11 20:40 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2011-07-31 19:16 . 2005-10-04 14:11 118784 ----a-w- c:\windows\system32\eWebControl.dll
2011-07-31 19:16 . 1998-04-24 06:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-07-31 19:16 . 2011-07-31 19:16 -------- d-----w- c:\program files\AnswersThatWork
2011-07-31 08:28 . 2011-07-31 08:32 -------- d-----w- C:\threatreport
2011-07-31 05:10 . 2011-07-31 05:10 -------- d-----w- c:\program files\Ashampoo
2011-07-31 04:35 . 2011-07-31 05:05 -------- d-----w- c:\program files\Startup
2011-07-30 22:06 . 2011-07-30 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\QFX Software
2011-07-30 22:06 . 2011-07-30 22:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\QFX Software
2011-07-30 21:48 . 2011-08-01 22:16 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2011-07-30 21:48 . 2011-08-01 22:16 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2011-07-30 21:48 . 2011-08-01 22:16 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2011-07-30 21:48 . 2011-08-01 22:16 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2011-07-30 06:11 . 2011-07-30 06:11 -------- d-----w- c:\program files\aswMBR
2011-07-30 04:11 . 2011-07-30 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2011-07-30 04:10 . 2011-07-30 04:10 -------- d-----w- c:\program files\Opera
2011-07-29 22:36 . 2011-07-29 22:38 -------- d-----w- c:\program files\fixbug
2011-07-29 04:33 . 2011-07-29 04:43 -------- d-----w- c:\program files\Firefox
2011-07-29 02:08 . 2011-07-30 02:46 -------- d-----w- C:\Bleepingcomputer.com
2011-07-29 00:25 . 2011-07-29 00:30 -------- d-----w- c:\program files\HowToCleanMalware
2011-07-29 00:23 . 2011-07-29 00:34 -------- d-----w- c:\program files\ReinstallXP
2011-07-28 23:45 . 2011-07-29 00:14 -------- d-----w- c:\program files\BackupInfo
2011-07-28 21:53 . 2011-08-02 07:42 -------- d-----w- c:\program files\Backup
2011-07-28 03:41 . 2011-07-28 03:42 -------- d-----w- c:\program files\GMERLOG
2011-07-27 19:47 . 2011-07-29 21:47 -------- d-----w- c:\program files\HPprinter
2011-07-27 19:42 . 2011-07-27 19:50 1748384 ----a-w- c:\program files\HPSDU.exe.part
2011-07-27 05:39 . 2011-07-27 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-07-27 02:49 . 2011-07-27 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-27 02:32 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 02:32 . 2011-07-27 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 02:32 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 00:02 . 2011-07-27 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-07-26 23:19 . 2011-07-27 00:11 -------- d-----w- c:\program files\QH
2011-07-26 22:39 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-26 22:39 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-26 22:39 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-26 22:39 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-26 22:39 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 22:39 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-26 22:39 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-26 22:39 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-26 22:39 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 22:39 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-26 21:40 . 2011-07-26 21:40 -------- d-----w- c:\program files\WinPcap
2011-07-26 21:22 . 2011-07-26 21:26 -------- d-----w- c:\program files\OKAY
2011-07-24 00:43 . 2011-07-24 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-07-24 00:43 . 2011-08-01 06:55 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-24 00:43 . 2011-07-24 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-07-23 10:40 . 2011-07-23 10:40 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}\IconF7A21AF7.exe
2011-07-23 10:40 . 2011-07-23 10:40 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}\IconD7F16134.exe
2011-07-23 10:40 . 2011-07-23 10:40 110080 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}\IconCF33A0CE.exe
2011-07-23 10:40 . 2011-07-23 10:40 -------- d-----w- C:\sh4ldr
2011-07-23 10:40 . 2011-07-23 10:40 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 07:07 . 2011-07-23 07:07 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-23 06:59 . 2011-07-23 06:59 -------- d-----w- c:\program files\ESET
2011-07-23 04:13 . 2011-08-01 05:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2011-07-23 01:37 . 2011-07-01 22:36 767952 ----a-w- c:\windows\BDTSupport.dll0719.old
2011-07-23 01:37 . 2011-07-01 22:36 149456 ----a-w- c:\windows\SGDetectionTool.dll0719.old
2011-07-23 01:37 . 2011-07-01 22:36 2029520 ----a-w- c:\windows\PCTBDCore.dll0719.old
2011-07-23 01:07 . 2011-08-01 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-22 05:06 . 2011-07-21 22:57 91190456 ----a-w- C:\RegistryBkup7-20-11.reg
2011-07-22 05:05 . 2010-10-16 01:55 4980 ----a-w- C:\cc_20101015_185446[10-15-10backup].reg
2011-07-22 05:02 . 2011-07-22 06:51 -------- d-----w- c:\program files\Registry-command
2011-07-22 00:35 . 2011-07-22 03:04 -------- d-----w- c:\program files\BackUpDiskImagers
2011-07-21 22:27 . 2011-07-21 22:47 -------- d-----w- c:\windows\system32\SysRestorebackup
2011-07-21 22:15 . 2004-08-04 06:06 73472 ----a-w- c:\windows\system\sr.sys
2011-07-21 22:15 . 2004-08-04 06:06 73472 ----a-w- c:\windows\system32\sr.sys
2011-07-21 20:38 . 2011-07-21 20:38 85504 ----a-w- C:\Inherit.exe
2011-07-21 20:02 . 2011-07-21 20:02 -------- d-----w- c:\program files\RegistryCleaner
2011-07-21 18:32 . 2011-07-21 19:08 -------- d-----w- c:\program files\currentcontrolset
2011-07-21 17:41 . 2011-08-01 22:06 -------- d-----w- c:\program files\REG_SZ
2011-07-21 15:23 . 2011-08-01 03:12 -------- d-----w- c:\program files\SystemRestore
2011-07-21 07:57 . 2011-07-21 07:57 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-07-18 22:06 . 2011-07-18 22:06 1130047 ----a-w- c:\program files\KillBoxINS.exe
2011-07-17 02:24 . 2011-07-17 02:24 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-17 02:24 . 2011-08-01 22:30 -------- d-----w- c:\program files\Trend Micro
2011-07-16 21:59 . 2011-07-16 22:02 -------- d-----w- c:\program files\Uninstaller
2011-07-16 05:36 . 2011-08-01 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-16 04:58 . 2011-08-02 00:04 -------- d-----w- c:\program files\Avira
2011-07-15 00:55 . 2011-07-15 00:55 -------- d-----w- c:\program files\Trojan Remover
2011-07-15 00:17 . 2011-07-15 00:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-14 23:30 . 2011-07-14 23:30 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 22:34 . 2010-08-01 00:52 309314 ----a-w- c:\program files\K-Lite_Codec_Pack_620_Basic.exe
2011-04-14 16:26 . 2011-05-22 00:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SnoopFreeUI"="SnoopFreeUI.exe" [2011-08-01 221184]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Lunabar Taskbar Icon.lnk - c:\program files\Lunabar\Lunabar.exe [2008-12-11 369152]
PandaUSBVaccine.lnk - j:\panda usb vaccine\USBVaccine.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AstroClock.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\AstroClock.lnk
backup=c:\windows\pss\AstroClock.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Pophr.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Pophr.exe
backup=c:\windows\pss\Pophr.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PopHR.INI]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\PopHR.INI
backup=c:\windows\pss\PopHR.INIStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-11-24 22:26 1233856 ----a-w- c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3Center]
2010-10-17 18:18 1859584 ----a-w- c:\program files\Zortam Mp3 Center\zortammc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"mnmsrvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/26/2011 3:39 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/26/2011 3:39 PM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/26/2011 3:39 PM 19544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\AntiVirus\Adaware\AAWService.exe [7/21/2011 2:59 PM 2151640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/17/2011 5:45 PM 735648]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/21/2008 8:18 PM 225856]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 9:57 AM 13904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 7:33 AM 237008]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [6/23/2009 8:46 PM 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [6/23/2009 8:46 PM 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [6/23/2009 8:46 PM 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [6/23/2009 8:46 PM 90880]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\AntiVirus\Adaware\Ad-AwareAdmin.exe [2011-07-21 21:59]
.
2011-08-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-05-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
Trusted Zone: aol.com\free
TCP: Interfaces\{89E5A792-D88B-4866-9764-206B5D76516D}: NameServer = 68.116.46.115,24.205.192.61
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\varyf5vs.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 00:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\SnoopFreeSvc.exe
c:\windows\System32\wdfmgr.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\AntiVirus\Adaware\AAWTray.exe
c:\windows\SnoopFreeUI.exe
.
**************************************************************************
.
Completion time: 2011-08-10 01:00:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-10 08:00
ComboFix2.txt 2011-08-09 08:25
ComboFix3.txt 2011-08-01 05:53
ComboFix4.txt 2011-07-27 17:24
ComboFix5.txt 2011-08-10 07:20
.
Pre-Run: 7,488,548,864 bytes free
Post-Run: 7,611,047,936 bytes free
.
- - End Of File - - 28638F23B4C7ECFD6B461D02329307AE

#9 shelf life

  • Malware Response Team

Posted 10 August 2011 - 05:19 PM

Accessing internet okay.
ok good.

I'd think it odd that Zonealarm would suddenly start making problems
It wasn't ZA. It was the driver ComboFix removed. While IE may not have been accessing the internet, the malware could have been. Some malware can operate below the level of a software firewall or easily disable them or simply use an existing connection. I thought it could have been ZA also but was going to wait and see if removing the file would help.

Combo fix and run it again.
Only need to run combofix once.


a smart web printing window
opens and attempts to install which I have to cancel twice

See this link

For now please check Malwarebytes for any updates and do a full scan with it. Let's see if it comes up clean.

How Can I Reduce My Risk to Malware?


#10 j.mark

  • Topic Starter

Posted 11 August 2011 - 05:14 AM

Malware shows clean (see below) but it didn't pick up the file you had me delete,
and I've been running Malware since May.
Should have mentioned before, I don't use IE. I use Firefox.
So the SkyPkt file was meant to affect IE?

Am still able to access internet in normal mode and for long periods
without disconnects but the whole system seems slower than before.
Anything I can do to speed it back up?

If my system is clean can I back up the whole Desktop
to an external drive in case I need to reinstall in
future?

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7433

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/11/2011 2:38:53 AM
mbam-log-2011-08-11 (02-38-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 235857
Time elapsed: 43 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 shelf life

  • Malware Response Team

Posted 11 August 2011 - 05:09 PM

Malware shows clean (see below) but it didn't pick up the file you had me delete,
If you mean before we used ComboFix, Malwarebytes didn't remove it because it didn't detect it, probably because of its rootkit-like behavior.

Should have mentioned before, I don't use IE. I use Firefox.
So the SkyPkt file was meant to affect IE?
Doesn't matter, malware doesn't care what you use on your machine. It didn't target IE, its goal was to use your internet connection. Rootkits operate far below any detection that antivirus or anti-malware can provide. They use "stealth" technology to avoid detection. They have been around for a while but we are starting to see them (rootkits) used more and more and the stealth technology is getting better and better.

Run this for me:
Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. Vista and Windows 7 right click and "run as admin.." After it initializes click the start scan button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."


If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


A report can also be found in your Root drive Local Disk (C:) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report


Also run DDS again and post the two logs it generates.

How Can I Reduce My Risk to Malware?
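
A TDSSKiller log lists every driver it scanned, so the few flagged entries are easy to miss in a long paste. The following is an added example, not part of the original posts and not the tool vendor's code: a small Python triage script that pulls out only the flagged objects, assuming the three line shapes visible in the log posted in this thread. The names `triage` and `Finding`, and the reading of the numeric column as a thread id, are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input embedded for offline use: a few lines in the format of the
# TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/08/11 17:29:52.0437 1368 Scan started
2011/08/11 17:29:52.0437 1368 ================================================================================
2011/08/11 17:30:02.0140 1368 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/11 17:30:02.0203 1368 SnoopFree (21ea9dc8fbe1236051832abb5254226f) C:\WINDOWS\system32\Drivers\SnopFree.sys
2011/08/11 17:30:02.0203 1368 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\SnopFree.sys. md5: 21ea9dc8fbe1236051832abb5254226f
2011/08/11 17:30:02.0218 1368 SnoopFree - detected LockedFile.Multi.Generic (1)
2011/08/11 17:30:02.0328 1368 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
"""

# Every log line: timestamp, a numeric column (assumed to be a thread id), message.
LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+)(?: (?P<msg>.*))?$"
)
# "<name> (<md5>) <path>": one scanned driver or service.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$"
)
# "<name> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class Finding:
    timestamp: str
    name: str
    verdict: str
    path: Optional[str]            # from the object line, if one was seen
    md5: Optional[str]             # from the object line, if one was seen
    reason: Optional[str]          # e.g. "NoAccess", from the "Suspicious file" line
    md5_consistent: Optional[bool] # object md5 equals the md5 on the suspicious line


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per 'detected' line, joined to its object and suspicious lines."""
    objects = {}     # service/driver name -> (md5, path)
    suspicious = {}  # lower-cased path -> (reason, md5)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["msg"]:
            continue  # blank line, banner, or a line with no message part
        msg = m["msg"]
        if (s := SUSPICIOUS.match(msg)):
            suspicious[s["path"].lower()] = (s["reason"], s["md5"])
        elif (d := DETECTED.match(msg)):
            md5, path = objects.get(d["name"], (None, None))
            reason, s_md5 = suspicious.get((path or "").lower(), (None, None))
            findings.append(Finding(
                timestamp=m["ts"],
                name=d["name"],
                verdict=d["verdict"],
                path=path,
                md5=md5,
                reason=reason,
                md5_consistent=(s_md5 == md5) if s_md5 else None,
            ))
        elif (o := OBJECT.match(msg)):
            objects[o["name"]] = (o["md5"], o["path"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.name}: {f.verdict} [{f.reason}]  {f.path}  md5={f.md5}")
```

Entries that come back with a reason such as `NoAccess` are the ones the utility skips by default, so they are the ones a helper has to judge by hand.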


#12 j.mark

  • Topic Starter

Posted 11 August 2011 - 07:43 PM

2011/08/11 17:29:45.0812 3400 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/11 17:29:45.0843 3400 ================================================================================
2011/08/11 17:29:45.0843 3400 SystemInfo:
2011/08/11 17:29:45.0843 3400
2011/08/11 17:29:45.0843 3400 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/11 17:29:45.0843 3400 Product type: Workstation
2011/08/11 17:29:45.0843 3400 ComputerName: USER-8N4B7L7C19
2011/08/11 17:29:45.0843 3400 UserName: Administrator
2011/08/11 17:29:45.0843 3400 Windows directory: C:\WINDOWS
2011/08/11 17:29:45.0843 3400 System windows directory: C:\WINDOWS
2011/08/11 17:29:45.0843 3400 Processor architecture: Intel x86
2011/08/11 17:29:45.0843 3400 Number of processors: 2
2011/08/11 17:29:45.0843 3400 Page size: 0x1000
2011/08/11 17:29:45.0843 3400 Boot type: Normal boot
2011/08/11 17:29:45.0843 3400 ================================================================================
2011/08/11 17:29:47.0343 3400 Initialize success
2011/08/11 17:29:52.0437 1368 ================================================================================
2011/08/11 17:29:52.0437 1368 Scan started
2011/08/11 17:29:52.0437 1368 Mode: Manual;
2011/08/11 17:29:52.0437 1368 ================================================================================
2011/08/11 17:29:53.0203 1368 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/11 17:29:53.0343 1368 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/11 17:29:53.0453 1368 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/11 17:29:53.0531 1368 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/11 17:29:53.0578 1368 AegisP (58a8273918eef2bf9204b12ed171513a) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/11 17:29:53.0625 1368 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/08/11 17:29:53.0906 1368 AnyDVD (a198fd45dfe819c1f9a7bed90339842f) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/08/11 17:29:54.0093 1368 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/11 17:29:54.0140 1368 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/11 17:29:54.0187 1368 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/11 17:29:54.0234 1368 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/11 17:29:54.0312 1368 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/11 17:29:54.0375 1368 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/11 17:29:54.0484 1368 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/11 17:29:54.0515 1368 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/11 17:29:54.0609 1368 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/11 17:29:54.0687 1368 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/11 17:29:54.0750 1368 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/11 17:29:54.0843 1368 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/11 17:29:54.0937 1368 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/11 17:29:54.0984 1368 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/11 17:29:55.0031 1368 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/08/11 17:29:55.0078 1368 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/08/11 17:29:55.0125 1368 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/11 17:29:55.0484 1368 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/11 17:29:55.0578 1368 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/11 17:29:55.0656 1368 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/11 17:29:55.0718 1368 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/11 17:29:55.0765 1368 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/11 17:29:55.0859 1368 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/11 17:29:55.0906 1368 E1000 (16b7726c2d8b4e3e5df64666c16498f5) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/08/11 17:29:55.0953 1368 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/08/11 17:29:56.0031 1368 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2011/08/11 17:29:56.0125 1368 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/11 17:29:56.0187 1368 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/11 17:29:56.0234 1368 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/11 17:29:56.0265 1368 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/11 17:29:56.0328 1368 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/11 17:29:56.0359 1368 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/11 17:29:56.0484 1368 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/11 17:29:56.0515 1368 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/11 17:29:56.0578 1368 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/11 17:29:56.0703 1368 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/11 17:29:56.0750 1368 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/11 17:29:56.0796 1368 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/11 17:29:56.0859 1368 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/11 17:29:57.0000 1368 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/11 17:29:57.0093 1368 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/11 17:29:57.0171 1368 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/11 17:29:57.0343 1368 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/11 17:29:57.0437 1368 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/11 17:29:57.0515 1368 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/11 17:29:57.0562 1368 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/11 17:29:57.0609 1368 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/11 17:29:57.0640 1368 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/11 17:29:57.0687 1368 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/11 17:29:57.0750 1368 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/11 17:29:57.0796 1368 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/11 17:29:57.0859 1368 KeyScrambler (8f1bb80d589affb9c5e9cd7544251b29) C:\WINDOWS\system32\drivers\keyscrambler.sys
2011/08/11 17:29:57.0921 1368 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/11 17:29:57.0984 1368 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/11 17:29:58.0140 1368 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/11 17:29:58.0203 1368 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/11 17:29:58.0250 1368 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/11 17:29:58.0312 1368 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/11 17:29:58.0359 1368 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/11 17:29:58.0515 1368 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/11 17:29:58.0593 1368 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/11 17:29:58.0671 1368 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/11 17:29:58.0734 1368 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/11 17:29:58.0765 1368 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/11 17:29:58.0828 1368 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/11 17:29:58.0875 1368 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/11 17:29:58.0921 1368 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/11 17:29:58.0968 1368 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/11 17:29:59.0015 1368 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/11 17:29:59.0078 1368 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/11 17:29:59.0125 1368 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/11 17:29:59.0156 1368 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/11 17:29:59.0218 1368 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/11 17:29:59.0281 1368 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/11 17:29:59.0437 1368 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/08/11 17:29:59.0484 1368 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/11 17:29:59.0546 1368 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/11 17:29:59.0609 1368 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/11 17:29:59.0671 1368 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/11 17:29:59.0734 1368 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/11 17:29:59.0781 1368 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/11 17:29:59.0812 1368 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/11 17:29:59.0859 1368 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/11 17:29:59.0921 1368 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/11 17:30:00.0015 1368 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/11 17:30:00.0093 1368 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/11 17:30:00.0515 1368 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/11 17:30:00.0562 1368 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/11 17:30:00.0625 1368 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/11 17:30:00.0671 1368 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/11 17:30:00.0734 1368 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/08/11 17:30:00.0984 1368 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/11 17:30:01.0031 1368 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/11 17:30:01.0093 1368 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/11 17:30:01.0125 1368 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/11 17:30:01.0203 1368 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/11 17:30:01.0250 1368 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/11 17:30:01.0312 1368 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/11 17:30:01.0453 1368 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/11 17:30:01.0515 1368 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/11 17:30:01.0625 1368 rtl8185 (88b63f291ae10c1b66d2b9ed6921a7df) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
2011/08/11 17:30:01.0718 1368 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/11 17:30:01.0750 1368 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/11 17:30:01.0828 1368 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/11 17:30:01.0890 1368 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/11 17:30:01.0937 1368 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/11 17:30:02.0000 1368 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/11 17:30:02.0140 1368 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/11 17:30:02.0203 1368 SnoopFree (21ea9dc8fbe1236051832abb5254226f) C:\WINDOWS\system32\Drivers\SnopFree.sys
2011/08/11 17:30:02.0203 1368 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\SnopFree.sys. md5: 21ea9dc8fbe1236051832abb5254226f
2011/08/11 17:30:02.0218 1368 SnoopFree - detected LockedFile.Multi.Generic (1)
2011/08/11 17:30:02.0328 1368 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/11 17:30:02.0437 1368 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/11 17:30:02.0500 1368 srescan (bda0ecc7cba1d3b9fd7ff2881bf9b463) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/08/11 17:30:02.0562 1368 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/11 17:30:02.0640 1368 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/11 17:30:02.0718 1368 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/11 17:30:02.0937 1368 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/11 17:30:03.0031 1368 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/11 17:30:03.0093 1368 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/11 17:30:03.0156 1368 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/11 17:30:03.0203 1368 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/11 17:30:03.0328 1368 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/11 17:30:03.0484 1368 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/11 17:30:03.0562 1368 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/11 17:30:03.0609 1368 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/11 17:30:03.0671 1368 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/11 17:30:03.0734 1368 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/11 17:30:03.0765 1368 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/11 17:30:03.0812 1368 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/11 17:30:03.0859 1368 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/11 17:30:03.0921 1368 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/11 17:30:03.0968 1368 uts_bus (df8bb0e93518f74d943046a1162bbcdd) C:\WINDOWS\system32\DRIVERS\uts_bus.sys
2011/08/11 17:30:04.0015 1368 uts_mdfl (3427fe9a31e50d0dac3e062f8dd3be41) C:\WINDOWS\system32\DRIVERS\uts_mdfl.sys
2011/08/11 17:30:04.0093 1368 uts_mdm (8fa13cd6a1cf2612ddbc056d23c5c0ad) C:\WINDOWS\system32\DRIVERS\uts_mdm.sys
2011/08/11 17:30:04.0140 1368 uts_serd (edd4d6275289014457e84ecb60ad5c2d) C:\WINDOWS\system32\DRIVERS\uts_serd.sys
2011/08/11 17:30:04.0187 1368 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/08/11 17:30:04.0250 1368 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/11 17:30:04.0343 1368 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/11 17:30:04.0453 1368 vsdatant (279761ad6562c0d4309cb1bbb260233f) C:\WINDOWS\system32\vsdatant.sys
2011/08/11 17:30:04.0609 1368 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/11 17:30:04.0703 1368 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/11 17:30:04.0828 1368 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/11 17:30:04.0906 1368 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/11 17:30:05.0015 1368 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
2011/08/11 17:30:05.0140 1368 Boot (0x1200) (e93aaa3823041a40388e28f688c1acc3) \Device\Harddisk0\DR0\Partition0
2011/08/11 17:30:05.0171 1368 Boot (0x1200) (9b0d91c37541e309409b8a7724809116) \Device\Harddisk1\DR2\Partition0
2011/08/11 17:30:05.0187 1368 ================================================================================
2011/08/11 17:30:05.0187 1368 Scan finished
2011/08/11 17:30:05.0187 1368 ================================================================================
2011/08/11 17:30:05.0203 3584 Detected object count: 1
2011/08/11 17:30:05.0203 3584 Actual detected object count: 1
2011/08/11 17:30:23.0625 3584 LockedFile.Multi.Generic(SnoopFree) - User select action: Skip


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 17:31:15 on 2011-08-11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.545 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ClocX] c:\program files\clocx\ClocX.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SnoopFreeUI] SnoopFreeUI.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\lunaba~1.lnk - c:\program files\lunabar\Lunabar.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\pandau~1.lnk - j:\panda usb vaccine\USBVaccine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\trendnet tew-421pc_tew-423pi\WlanCU.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{89E5A792-D88B-4866-9764-206B5D76516D} : NameServer = 68.116.46.115,24.205.192.61
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\varyf5vs.default\
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\varyf5vs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPAXDLPI.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppdf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2011-7-30 9472]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-26 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-29 394952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-26 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-26 42184]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-5-17 735648]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-12-21 225856]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\antivirus\adaware\AAWService.exe [2011-7-21 2151640]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2009-6-23 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2009-6-23 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2009-6-23 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2009-6-23 90880]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
.
=============== Created Last 30 ================
.
2011-08-10 18:05:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-10 17:19:08 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-10 17:19:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-10 07:20:50 98816 ----a-w- c:\windows\sed.exe
2011-08-10 07:20:50 518144 ----a-w- c:\windows\SWREG.exe
2011-08-10 07:20:50 256000 ----a-w- c:\windows\PEV.exe
2011-08-10 07:20:50 208896 ----a-w- c:\windows\MBR.exe
2011-08-10 06:32:39 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-09 05:52:23 720288 ----a-w- c:\program files\mozilla firefox\install_reader10_en_air_mssa_aih.exe
2011-08-02 00:27:26 4608744 ----a-w- C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2011-08-01 23:43:37 2585872 ----a-w- C:\WindowsInstaller-KB893803-v2-x86.exe
2011-08-01 23:41:57 1214120 ----a-w- C:\EWBackup_1-1-1006_dwn.exe
2011-08-01 23:33:22 793600 ----a-w- C:\ntbackup.msi
2011-08-01 06:39:08 -------- d-----w- c:\documents and settings\administrator\application data\Runscanner.net
2011-08-01 06:07:00 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-08-01 06:07:00 -------- d-----w- c:\program files\SpywareBlaster
2011-08-01 05:57:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-08-01 05:56:30 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-01 05:35:09 -------- d-----w- c:\program files\UPHClean
2011-08-01 04:08:13 -------- d-----w- C:\EVENTLOGS
2011-08-01 02:13:08 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-07-31 23:47:58 -------- d-----w- c:\program files\VS Revo Group
2011-07-31 23:16:18 -------- d-----w- c:\program files\COMODO
2011-07-31 23:04:44 -------- d-----w- C:\EnhanceSecurityXP2
2011-07-31 22:31:22 -------- d-----w- C:\Disconnects
2011-07-31 22:03:20 -------- d-----w- c:\program files\IPaddresses
2011-07-31 20:37:15 -------- d-----w- c:\program files\MSBLASTVIRUS
2011-07-31 20:29:20 -------- d-----w- c:\program files\NetworkConnectionWizardProblems
2011-07-31 20:21:23 -------- d-----w- c:\program files\TUThelp
2011-07-31 19:16:12 124688 ----a-w- c:\windows\system32\MSWinSck.ocx
2011-07-31 19:16:10 614400 ----a-w- c:\windows\system32\ExButton.dll
2011-07-31 19:16:10 602112 ----a-w- c:\windows\system32\ExMenu.dll
2011-07-31 19:16:10 516096 ----a-w- c:\windows\system32\ExTab.dll
2011-07-31 19:16:10 307200 ----a-w- c:\windows\system32\ExPMenu.dll
2011-07-31 19:16:10 1753088 ----a-w- c:\windows\system32\ExGrid.dll
2011-07-31 19:16:09 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-07-31 19:16:09 356352 ----a-w- c:\windows\system32\eSellerateEngine.dll
2011-07-31 19:16:09 118784 ----a-w- c:\windows\system32\eWebControl.dll
2011-07-31 19:16:09 -------- d-----w- c:\program files\common files\eSellerate
2011-07-31 19:16:08 -------- d-----w- c:\program files\AnswersThatWork
2011-07-31 08:28:28 -------- d-----w- C:\threatreport
2011-07-31 05:10:02 -------- d-----w- c:\program files\Ashampoo
2011-07-31 04:35:43 -------- d-----w- c:\program files\Startup
2011-07-30 22:06:19 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
2011-07-30 22:06:19 -------- d-----w- c:\documents and settings\administrator\application data\QFX Software
2011-07-30 21:48:21 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2011-07-30 21:48:21 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2011-07-30 21:48:21 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2011-07-30 21:48:21 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2011-07-30 06:11:07 -------- d-----w- c:\program files\aswMBR
2011-07-30 04:11:03 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera
2011-07-30 03:41:09 10307728 ----a-w- c:\program files\Opera_1150_int_Setup.exe
2011-07-29 22:36:36 -------- d-----w- c:\program files\fixbug
2011-07-29 04:33:36 -------- d-----w- c:\program files\Firefox
2011-07-29 02:08:16 -------- d-----w- C:\Bleepingcomputer.com
2011-07-29 00:25:39 -------- d-----w- c:\program files\HowToCleanMalware
2011-07-29 00:23:58 -------- d-----w- c:\program files\ReinstallXP
2011-07-28 23:45:00 -------- d-----w- c:\program files\BackupInfo
2011-07-28 21:53:04 -------- d-----w- c:\program files\Backup
2011-07-28 03:41:37 -------- d-----w- c:\program files\GMERLOG
2011-07-27 19:47:00 -------- d-----w- c:\program files\HPprinter
2011-07-27 19:42:22 1748384 ----a-w- c:\program files\HPSDU.exe.part
2011-07-27 02:49:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-27 02:32:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 02:32:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 02:32:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 00:02:54 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2011-07-26 23:19:17 -------- d-----w- c:\program files\QH
2011-07-26 22:39:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-26 22:39:32 40112 ----a-w- c:\windows\avastSS.scr
2011-07-26 21:40:03 -------- d-----w- c:\program files\WinPcap
2011-07-26 21:22:12 -------- d-----w- c:\program files\OKAY
2011-07-24 00:43:24 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-07-24 00:43:08 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconF7A21AF7.exe
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconD7F16134.exe
2011-07-23 10:40:14 110080 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{820c0eeb-9b12-4ad5-b39d-d15ed1dbdd06}\IconCF33A0CE.exe
2011-07-23 10:40:07 -------- d-----w- C:\sh4ldr
2011-07-23 10:40:06 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 07:07:54 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-23 06:59:14 -------- d-----w- c:\program files\ESET
2011-07-23 04:13:27 -------- d-----w- c:\documents and settings\administrator\application data\QuickScan
2011-07-23 01:37:24 767952 ----a-w- c:\windows\BDTSupport.dll0719.old
2011-07-23 01:37:23 2029520 ----a-w- c:\windows\PCTBDCore.dll0719.old
2011-07-23 01:37:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0719.old
2011-07-23 01:07:05 -------- d-----w- c:\program files\common files\PC Tools
2011-07-22 19:44:14 -------- d-sha-r- C:\cmdcons
2011-07-22 05:06:51 91190456 ----a-w- C:\RegistryBkup7-20-11.reg
2011-07-22 05:05:21 4980 ----a-w- C:\cc_20101015_185446[10-15-10backup].reg
2011-07-22 05:02:14 -------- d-----w- c:\program files\Registry-command
2011-07-22 00:35:28 -------- d-----w- c:\program files\BackUpDiskImagers
2011-07-21 22:27:56 -------- d-----w- c:\windows\system32\SysRestorebackup
2011-07-21 22:15:34 73472 ----a-w- c:\windows\system\sr.sys
2011-07-21 22:15:31 73472 ----a-w- c:\windows\system32\sr.sys
2011-07-21 20:38:10 85504 ----a-w- C:\Inherit.exe
2011-07-21 20:02:38 -------- d-----w- c:\program files\RegistryCleaner
2011-07-21 18:32:15 -------- d-----w- c:\program files\currentcontrolset
2011-07-21 17:41:40 -------- d-----w- c:\program files\REG_SZ
2011-07-21 15:23:10 -------- d-----w- c:\program files\SystemRestore
2011-07-21 07:57:04 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2011-07-18 22:06:29 1130047 ----a-w- c:\program files\KillBoxINS.exe
2011-07-17 02:24:25 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-17 02:24:22 -------- d-----w- c:\program files\Trend Micro
2011-07-16 21:59:31 -------- d-----w- c:\program files\Uninstaller
2011-07-16 05:36:32 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-07-16 05:32:11 -------- d-----w- c:\program files\Uninstallers
2011-07-16 04:58:08 -------- d-----w- c:\program files\Avira
2011-07-15 00:55:48 -------- d-----w- c:\program files\Trojan Remover
2011-07-15 00:17:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-15 00:17:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-14 23:30:00 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2011-08-10 17:18:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-26 22:34:26 309314 ----a-w- c:\program files\K-Lite_Codec_Pack_620_Basic.exe
.
============= FINISH: 17:32:23.04 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2008 5:36:15 PM
System Uptime: 8/11/2011 4:29:09 PM (1 hours ago)
.
Motherboard: Intel Corporation | | D865GLC
Processor: Intel® Pentium® 4 CPU 2.40GHz | J2E1 | 2394/200mhz
Processor: Intel® Pentium® 4 CPU 2.40GHz | J2E1 | 2394/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 6.444 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 83.105 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8185 54M Wireless LAN Network Adapter
Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_818510EC&REV_20\4&2E98101C&0&08F0
Manufacturer: Realtek
Name: Realtek RTL8185 54M Wireless LAN Network Adapter
PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_818510EC&REV_20\4&2E98101C&0&08F0
Service: rtl8185
.
==== System Restore Points ===================
.
RP14: 8/9/2011 10:04:48 AM - System Checkpoint
RP15: 8/9/2011 7:28:30 PM - System Checkpoint
RP16: 8/10/2011 10:18:33 AM - Installed Java™ 6 Update 26
RP17: 8/10/2011 3:58:52 PM - Revo Uninstaller's restore point - HP Customer Participation Program 13.0
RP18: 8/10/2011 4:02:15 PM - Revo Uninstaller's restore point - HP Smart Web Printing 4.60
RP19: 8/10/2011 4:10:15 PM - Revo Uninstaller's restore point - HP Smart Web Printing 4.60
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510af_Help
4500G510af
4500G510af_Software_Min
A-PDF Text Extractor 1.3
ACSS SCRNSAVE
Ad-Aware
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
AIR Software Astro Clock
Alcyone Ephemeris 4
ALUpdate
ALZip
Amazing Slow Downer (remove only)
Argente - Registry Cleaner 1.5.1.0
Ashampoo WinOptimizer 4 FREE
Aspectarian
Astro123 v1.50
AstroWin v3.61
Auslogics Registry Cleaner
avast! Free Antivirus
BufferChm
Capture View
CCleaner (remove only)
ClocX (1.5b2)
ConvertHelper 2.1
Destinations
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DocMgr
DocProc
Dragon NaturallySpeaking 10
Ease Pdf to Text Extractor 1.10
EasyZip
Election Helper v2.30
eSupportQFolder
Fax
FoxyTunes for Firefox
Free PDF Converter
Free Video Converter V 1.4
Freecorder Toolbar 3.0 Application
Freecorder Toolbar 3.02 Application
GPBaseService2
Haihaisoft PDF Reader
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
ImgBurn
Insight Calendar
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
Junior Jyotish 1.09v
KeyScrambler
Lexmark 510 Series
LightScribe 1.4.136.1
Lucky Days 2.1
Lunabar
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Scan Plus
MediaCoder 0.6.1
mediaPlay
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Moonphase 3.2
Moyea FLV Player version 1.6.2.2
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 8
Netscape Communicator 4.79
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.0
Opera 11.50
PDF-Viewer
PopHR
QuickLink Mobile
Reveals Your Future
Revo Uninstaller 1.92
rulesPlayer 0.99.3
Scan
Screen Grab Pro
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shop for HP Supplies
Skype™ 3.8
SmartWebPrinting
SnoopFree Privacy Shield
SolutionCenter
Some Text to PDF Converter 1.5
SoundMAX
SPC Invoice 2.0
SpyHunter
SpywareBlaster 4.4
Status
SUPERAntiSpyware
taskTome
TClockEx
The Ultimate Troubleshooter
Toolbox
TrayApp
TRENDnet TEW-421PC or TEW-423PI
Trojan Remover 6.8.2
Tweak UI
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
UTStarcom USB Modem Software
VC80CRTRedist - 8.0.50727.4053
Visual C++ Runtime for Dragon NaturallySpeaking
WebFldrs XP
WebReg
Winamp (remove only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 4.1.1
WinZip 12.0
ZET 9 Lite 1.22
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
8/9/2011 5:58:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/9/2011 12:59:24 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Combo-fix.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/9/2011 10:37:42 PM, error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
8/9/2011 10:04:48 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000022' while processing the file 'New Folder (2)' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/7/2011 11:45:16 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
8/7/2011 11:45:02 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
8/7/2011 11:44:27 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 10:54:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0014D1312626 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/4/2011 6:32:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/4/2011 6:32:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi ElbyCDIO Fips intelppm SASDIFSV SASKUTIL
8/4/2011 6:32:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/4/2011 6:32:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2011 3:40:37 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/11/2011 10:07:33 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
8/10/2011 12:33:51 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SJYPKT\0000 disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================

#13 shelf life

  • Malware Response Team

Posted 12 August 2011 - 04:01 PM

hi,
The TDSSKiller log looks OK. For the slow issues: I see you have SUPERAntiSpyware, Ad-Aware, SnoopFree, KeyScrambler, Malwarebytes and SpyHunter.
Are all these running in the background? If you see an icon by the clock then they are running. SpyHunter a few years ago was questionable software. You might try disabling the option to run at start up except for SUPERAntiSpyware. I can't tell if you have the free Malwarebytes version, which doesn't run at start up. Not sure what SnoopFree is all about. I'm sure the KeyScrambler must run at start up. Really the other software will protect you from keyloggers.

How Can I Reduce My Risk to Malware?


#14 j.mark

  • Topic Starter


Posted 12 August 2011 - 10:00 PM

Only Adaware and Avast are running "by the clock".
I do have the free version of Malwarebytes.
Very mixed reviews at cnet on Snoopfree so will use Revo Uninstaller on it.
Will remove Spyhunter also.
Was going to download latest Zonealarm until I read some reviews. Will try
Comodo instead.
Free SUPERAntiSpyware offers no real time protection and Avast and Comodo
do so will probably remove it.
Then will run CCleaner and hopefully speed things back up. Unless you
know of a better registry cleaner.

#15 shelf life

  • Malware Response Team

Posted 13 August 2011 - 01:55 PM

Avast and Comodo
I think Comodo now bundles antivirus, not sure on that, but you only want one AV; maybe it's optional.
Try CCleaner. I don't recommend any registry cleaners. Even the benefits of CCleaner are debatable as far as trying to "speed up" a PC.
