
XP runs slloooww


This topic is locked
22 replies to this topic

#1 TheGreat.308 (Authentic Member, 31 posts)

Posted 12 January 2011 - 01:23 PM

Start up is very slow and it seems to take forever to open Internet Explorer.
Some pages requiring a login ID and password will reload themselves after I partially type in a user ID; they reload themselves and have the entry fields blank as if I never entered info into them.

Posted below is a HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:20:11 PM, on 1/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\user1\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - http://www.creative....101/CTSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative....15106/CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5710 bytes



#2 Jack&Jill (MRU Emeritus, 247 posts, Interests: non-stop & life-long learning)

Posted 14 January 2011 - 10:26 AM

Hello and welcome to What The Tech.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Options, then click Track this topic. Please select Immediate Email Notification for the topic subscription, then click Proceed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Jack&Jill
MRU Teacher of Malware Removal University - A Cooperative Effort with WhatTheTech Classroom.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For What The Tech.

#3 Jack&Jill (MRU Emeritus, 247 posts, Interests: non-stop & life-long learning)

Posted 14 January 2011 - 10:40 AM

Hello TheGreat.308 :),

Welcome to What The Tech. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Terms of Use and the rules in Are you Infected? Getting Started: How To Get Help.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Please download DDS from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Please disable any script blocker before running DDS.

  • Double click on dds file and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save and post the logs.
  • Save the logs to a convenient location such as your desktop.
  • Copy the contents of both logs and post them in your next reply.
--------------------

Please download Rootkit Unhooker and save it to your desktop. Click here.
  • Double click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Ensure the following are checked (ticked):
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
  • Uncheck the rest, then click OK. An initial scan will be performed.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
  • Save the report somewhere you can find it. Click Close to exit.
  • Copy the entire contents of the report and paste it in your next reply.
You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the DDS logs (DDS.txt and Attach.txt)
2. Rootkit Unhooker log
Jack&Jill

#4 TheGreat.308 (Authentic Member, 31 posts)

Posted 14 January 2011 - 04:42 PM

Thanks for taking the time to check my post. DDS.txt, Attach.txt and the Rootkit Unhooker log are copied below:
bytes (AVAST Software, avast! TDI Filter Driver) 0xF9BB1000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xF9C71000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF9C51000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF9BF1000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xF9DC1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xF9DA1000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0xF9C41000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xF9CD1000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xACAC9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xF9BD1000 sfsync02.sys 36864 bytes (Protection Technology, StarForce Protection Synchronization Driver) 0xF9CC1000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF9FB1000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF9E41000 sfhlp02.sys 32768 bytes (Protection Technology, StarForce Protection Helper Driver) 0xF9EB9000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0xF9EC9000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xF9EF1000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver) 0xF9F89000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xF9E79000 C:\DOCUME~1\user1\LOCALS~1\Temp\mbr.sys 28672 bytes 0xF9E31000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver 
Extension) 0xF9EE9000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver) 0xF9E89000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP) 0xF9EE1000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xF9ED9000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xF9EC1000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xF9F91000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF9E61000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver) 0xF9F69000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver) 0xF9FA1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF9E39000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF9F39000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF9F49000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xF9F29000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xF9F11000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xAE7EA000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xFA0A5000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xADA2F000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xFA065000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial 
Port Enumerator) 0xAE7FA000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver) 0xADB43000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver) 0xF9FC1000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xF930D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xAE7F2000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xAD4C4000 C:\WINDOWS\system32\DRIVERS\MaVc2K.sys 12288 bytes (Mobile Action Technology Inc., Mobile Action Virtual Control) 0xAE7E2000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xFA081000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xFA049000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xFA0F3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xFA0B7000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver) 0xFA147000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xFA0EF000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xFA0B5000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver) 0xFA0B1000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xFA0F7000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xFA165000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver) 0xFA0FB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xFA0E7000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes 
(Microsoft Corporation, Plug and Play Software Device Enumerator) 0xFA0EB000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xFA0B3000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xFA2FD000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xFA2EF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xFA210000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xFA179000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) ============================================== >Stealth ============================================== 0x05910000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 102400 bytes 0x00D70000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 110592 bytes 0x03900000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 110592 bytes 0x03970000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 110592 bytes 0x06230000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 110592 bytes 0x06BC0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 110592 bytes 0x066B0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 126976 bytes 0x06300000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 1413120 bytes 0x065C0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 143360 bytes 0x05930000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 1683456 bytes 0x06180000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 
2884, 192512 bytes 0x06670000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 217088 bytes 0x046B0000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 241664 bytes 0x00F30000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 28672 bytes 0x01180000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 28672 bytes 0x05AF0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x04BD0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x00DA0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x00DC0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x039B0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x03C00000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x03C50000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x03C70000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x03E90000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x03EB0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x04720000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x04710000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x046F0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x04A80000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x04BA0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x04DA0000 Hidden 
Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x05020000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x05240000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x05250000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x05470000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x06470000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x06460000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x065A0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 28672 bytes 0x01190000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x820319E0 ] PID: 2748, 307200 bytes 0x00E00000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8248F708 ] PID: 2884, 307200 bytes 0x03EC0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8248F708 ] PID: 2884, 315392 bytes 0x069C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 331776 bytes 0x06A20000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 364544 bytes 0x03920000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 36864 bytes 0x03920000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x039F0000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x039E0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x041A0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x04C20000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 
0x04C10000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x04C30000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x05000000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x04E10000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x04E40000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x04EB0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x050A0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x05270000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 36864 bytes 0x03F30000 Hidden Image-->System.Management.dll [ EPROCESS 0x8248F708 ] PID: 2884, 380928 bytes 0x05380000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 397312 bytes 0x06080000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 413696 bytes 0x06600000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 446464 bytes 0x00DA0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 45056 bytes 0x011F0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 45056 bytes 0x03C20000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x00D90000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x00D70000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x00E60000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x039C0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8248F708 ] 
PID: 2884, 45056 bytes 0x04DB0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x04DF0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x04E30000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x04EA0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x05090000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 45056 bytes 0x053F0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 479232 bytes 0x066D0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 487424 bytes 0x05710000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 495616 bytes 0x03910000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 53248 bytes 0x039A0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x039D0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x03EA0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x04BE0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x04E50000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x04ED0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x05070000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x05210000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x05260000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 
0x05AD0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 53248 bytes 0x06A80000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 585728 bytes 0x00DB0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x04190000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x04730000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x04DC0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x04E60000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x04EC0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x05050000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 61440 bytes 0x06800000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 659456 bytes 0x06B10000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 675840 bytes 0x01160000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x820319E0 ] PID: 2748, 69632 bytes 0x00DD0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 69632 bytes 0x04BB0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 69632 bytes 0x04D60000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 69632 bytes 0x05030000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 69632 bytes 0x06250000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 700416 bytes 0x04D40000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 86016 bytes 
0x06580000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 86016 bytes 0x068B0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x8248F708 ] PID: 2884, 921600 bytes ============================================== >Files ============================================== ============================================== >Hooks ============================================== ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe] ntoskrnl.exe+0x0000B71C, Type: Inline - RelativeJump 0x804E271C-->804E277B [ntoskrnl.exe] ntoskrnl.exe+0x0000B75C, Type: Inline - RelativeJump 0x804E275C-->804E27BB [ntoskrnl.exe] ntoskrnl.exe+0x0000B7B0, Type: Inline - RelativeJump 0x804E27B0-->804E2820 [ntoskrnl.exe] ntoskrnl.exe+0x0000B7BC, Type: Inline - RelativeJump 0x804E27BC-->804E281A [ntoskrnl.exe] ntoskrnl.exe+0x0000B9B8, Type: Inline - RelativeJump 0x804E29B8-->804E2A17 [ntoskrnl.exe] ntoskrnl.exe+0x0000BA38, Type: Inline - RelativeJump 0x804E2A38-->804E2AA8 [ntoskrnl.exe] ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805A3B73-->AE5946C0 [aswSP.SYS] ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8056503A-->AE591BB8 [aswSP.SYS] ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8059F8CA-->AE59011E [aswSP.SYS] tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xAE789428-->AE6A1CBA [vsdatant.sys] tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xAE789454-->AE6A14C8 [vsdatant.sys] tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xAE789460-->AE6A1672 [vsdatant.sys] wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF9CC6B4C-->AE6A1CBA [vsdatant.sys] wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF9CC6B1C-->AE69FC2A [vsdatant.sys] wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF9CC6B3C-->AE6A14C8 [vsdatant.sys] 
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF9CC6B28-->AE6A1672 [vsdatant.sys] [1028]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [1028]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [1028]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [1028]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [1028]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [1028]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [1028]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [1028]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [1028]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] 
[1060]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [1060]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [1060]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [1060]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [1060]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [1060]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [1060]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [1060]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [1060]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] 
[1088]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [1088]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [1088]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [1088]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [1088]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [1088]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [1088]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [1088]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [1088]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll] [1116]HPZipm12.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [1116]HPZipm12.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [1116]HPZipm12.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [1116]HPZipm12.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [1116]HPZipm12.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] 
[744]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [744]services.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [744]services.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [744]services.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [744]services.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [744]services.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [756]lsass.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [756]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [756]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [756]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [756]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 
0x7E42820F-->00000000 [snxhk.dll] [756]lsass.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [756]lsass.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [756]lsass.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [884]jqs.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [884]jqs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [884]jqs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [884]jqs.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [884]jqs.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [884]jqs.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [884]jqs.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [884]jqs.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 
[snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [904]ati2evxx.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [904]ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [904]ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [904]ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [904]ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [904]ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [904]ati2evxx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [904]ati2evxx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll] 
[924]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll] [924]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll] [924]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll] [924]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll] [924]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll] [924]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll] [924]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll] [924]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll] [924]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

#5 Jack&Jill

    MRU Emeritus

  • Authentic Member
  • 247 posts
  • Interests: Non-stop & life-long learning

Posted 15 January 2011 - 10:43 AM

Hello TheGreat.308 :),

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1
Link 2

Scan with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.
--------------------

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)
Jack&Jill
MRU Teacher of Malware Removal University - A Cooperative Effort with WhatTheTech Classroom.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For What The Tech.

#6 TheGreat.308

    Authentic Member

  • 31 posts

Posted 15 January 2011 - 10:19 PM

Hi Jack & Jill,

Extras.txt - Notepad logfile from OTL posted below

OTL Extras logfile created on: 1/15/2011 9:59:07 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 49.00% Memory free
989.00 Mb Paging File | 679.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.94 Gb Free Space | 47.98% Space Free | Partition Type: NTFS
Drive E: | 618.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPAQ-033HB3B9 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
"F:\GAMES\Battlefield Vietnam\bfvietnam.exe" = F:\GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam
"F:\Turbo tax\TurboTax Deluxe 2006\32bit\ttax.exe" = F:\Turbo tax\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"F:\Turbo tax\TurboTax Deluxe 2006\32bit\updatemgr.exe" = F:\Turbo tax\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"F:\MofH Pacific Assault\mohpa.exe" = F:\MofH Pacific Assault\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:5\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = C:5\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"C:5\Medal of Honor Pacific Assault\mohpa.exe" = C:5\Medal of Honor Pacific Assault\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20676B6E-3A89-9D8B-DF0B-66B52C007864}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F6535CB-8385-14E8-0BC6-136CB9750A85}" = ccc-core-preinstall
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42B10D50-68F9-0C65-D7AE-3602A9852041}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEC42A2-B060-C560-B177-5A955F527160}" = CCC Help Spanish
"{5659C1C6-FBBC-2019-854C-8D5D68AFB877}" = Catalyst Control Center Graphics Full New
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{5BDEC021-A430-5531-76C1-10FE3ED2E405}" = CCC Help English
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6FA88A80-45C3-4B3E-999E-FE9FB9B3C0DA}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75BED4BB-2580-7D68-840C-A6A25AAED4B1}" = Catalyst Control Center Core Implementation
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault™ Spearhead
"{7E0CDB79-91DA-BDFB-B88C-E869942784CE}" = Catalyst Control Center Localization Spanish
"{7ED80209-18CB-61CD-7CD2-C9197BD6AA0B}" = Catalyst Control Center Localization German
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A041C7FC-1E1B-4DD9-4CCC-306AB36DA087}" = Catalyst Control Center Graphics Full Existing
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A918DE8A-98C8-0800-0000-0000000C0001}" = Sanyo PM8200 USB - Handset Manager V8
"{A918DE8A-98C8-0800-0001-000000000000}" = Multimedia Samples
"{ABB7151E-754A-351A-4F7A-5292591937E6}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B54D3E98-8757-FCFF-398F-199B618D36B6}" = Catalyst Control Center Localization French
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom 570x Driver Installer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E35E55BC-BC35-4303-2C46-D3E63C5EDC2F}" = ccc-utility
"{EA767019-E9AD-4B96-FF31-C1A816612D1F}" = ccc-core-static
"{EB10E764-79C1-BCE7-6526-D3A4B7220BF8}" = Skins
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F9089224-6CBA-B814-0A58-77EEBA7A9579}" = Catalyst Control Center Localization Chinese Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Battlecraft 19422.1" = Battlecraft 1942
"BFG-Mystery in London" = Mystery in London
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"Creative Media Lite" = Creative Media Lite
"eMule" = eMule
"ie8" = Windows Internet Explorer 8
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom 570x Driver Installer
"Lexmark 1200 Series" = Lexmark 1200 Series
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"Vietcong" = Vietcong
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZENStoneUG" = Creative ZEN Stone User's Guide
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"notify" = License Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2010 6:53:15 PM | Computer Name = COMPAQ-033HB3B9 | Source = | ID = 0
Description =

Error - 12/26/2010 6:53:15 PM | Computer Name = COMPAQ-033HB3B9 | Source = | ID = 0
Description =

Error - 12/30/2010 7:33:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2010 7:33:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2010 7:33:53 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/30/2010 7:33:53 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/7/2011 11:19:58 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application WORDVIEW.EXE, version 11.0.8169.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 6:51:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 6:51:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 6:51:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/12/2011 7:17:04 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/12/2011 8:07:25 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/13/2011 8:17:04 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/14/2011 5:08:40 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/14/2011 5:18:58 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/14/2011 5:18:58 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/14/2011 5:26:08 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/14/2011 5:42:35 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/15/2011 9:20:12 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/15/2011 11:38:04 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >

#7 TheGreat.308

    Authentic Member

  • 31 posts

Posted 15 January 2011 - 10:21 PM

OTL logfile posted below

OTL logfile created on: 1/15/2011 9:59:07 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 49.00% Memory free
989.00 Mb Paging File | 679.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.94 Gb Free Space | 47.98% Space Free | Partition Type: NTFS
Drive E: | 618.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPAQ-033HB3B9 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/15 21:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2010/12/31 14:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/12/31 14:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/02 08:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 08:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/17 15:33:42 | 000,429,312 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 14:20:00 | 000,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/01/15 21:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
MOD - [2010/12/31 14:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/31 14:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/02 08:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/12/31 14:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/12/31 13:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/12/31 13:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/12/31 13:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/12/31 13:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/12/31 13:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/03/02 13:53:18 | 001,972,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/17 21:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/08/17 21:44:44 | 000,011,473 | R--- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/08/10 08:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 06:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/27 03:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/05/16 07:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/09/16 03:11:02 | 000,025,300 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512M.sys -- (MA8512M)
DRV - [2004/09/16 03:11:00 | 000,049,106 | R--- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512U.sys -- (MA8512U)
DRV - [2001/08/17 11:12:26 | 000,164,586 | ---- | M] (Madge Networks Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mdgndis5.sys -- (MadgeTRN)
DRV - [2001/08/17 11:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-839522115-2146812355-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/08/13 14:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2009/08/13 14:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2008/07/13 17:31:43 | 000,250,896 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8770 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-839522115-2146812355-725345543-1003..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-839522115-2146812355-725345543-1003..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 2
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: akamai.net ([a248.e] https in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: bitdefender.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: netflame.cc ([ssl-hints] https in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative....101/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15106/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/25 12:11:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/01/26 14:19:21 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\Shell - "" = AutoRun
O33 - MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 21:57:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2011/01/12 13:19:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user1\Desktop\HiJackThis.exe
[2011/01/12 09:49:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/17 01:39:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/17 01:38:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/15 21:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
[2011/01/15 21:56:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/01/15 21:38:59 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\CoDUO1.lnk
[2011/01/15 21:38:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/15 21:37:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 16:11:51 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\RKUnhookerLE.EXE
[2011/01/12 18:00:50 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/12 13:19:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\user1\Desktop\HiJackThis.exe
[2010/12/31 14:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/31 14:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/31 14:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/31 13:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/31 13:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/31 13:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/31 13:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/31 13:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/31 13:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/17 13:47:00 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/17 02:28:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 21:38:58 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\CoDUO1.lnk
[2011/01/14 16:11:51 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\RKUnhookerLE.EXE
[2010/10/10 19:51:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\housecall.guid.cache
[2010/05/22 13:41:29 | 000,000,869 | ---- | C] () -- C:\WINDOWS\CODUO.ini
[2010/05/22 13:12:26 | 000,000,766 | ---- | C] () -- C:\WINDOWS\COD.INI
[2009/08/26 18:47:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2009/07/25 12:21:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/09 16:13:00 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/07/07 14:39:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/29 20:28:13 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/06/21 18:58:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/05/07 11:37:58 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2008/04/21 15:30:14 | 000,002,950 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/17 12:23:29 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Setup.txt
[2008/02/07 18:27:18 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/01/12 22:06:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/01/12 22:06:16 | 000,000,365 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/01/12 22:05:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2008/01/12 22:05:15 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/06/19 07:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 06:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/10/13 09:46:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
[2006/09/12 13:21:38 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/28 09:25:39 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/08 10:58:28 | 000,008,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/25 15:56:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/07/25 06:49:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/26 22:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/12/12 14:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/06/18 10:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2010/08/25 15:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2008/12/13 09:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/26 19:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/01 15:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/06/20 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/05/02 23:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/06/21 16:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/06/19 15:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
[2010/11/22 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/17 12:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2008/06/17 15:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\7Wonders
[2010/02/07 14:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Big Fish
[2009/05/20 16:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Big Fish Games
[2010/10/26 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\CheckPoint
[2008/05/07 12:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ChessBase
[2008/07/24 18:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Disney Mix It Plug-in
[2009/10/12 14:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Eyeblaster
[2009/09/25 15:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Gearbox Software
[2009/07/19 20:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Groove Games
[2008/03/20 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Leadertech
[2009/08/13 16:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\LimeWire
[2007/12/08 18:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Paltalk
[2008/06/21 16:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PlayFirst
[2010/11/22 09:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Registry Mechanic
[2008/01/12 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Simple Star
[2008/01/12 22:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Snapfish
[2010/11/22 09:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TweakNow PowerPack 2010
[2010/11/22 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TweakNow PowerPack Professional

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF54CFFD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

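Added example (not part of the original post, and not OldTimer's or any forum tool's code): a small Python triage script that applies the checks a helper reads this OTL.txt for by eye, over a handful of lines copied from the log above. It assumes the OTL line formats exactly as printed here (O1 hosts entries, O2 BHOs, O4 Run keys, O33 MountPoints2, O35/O37 shell-spawn handlers, the @Alternate Data Stream lines); the two contrast lines in `CONSTRUCTED_LINES` are constructed for the demonstration and are not from this machine, and the severity labels are the example's own.

```python
"""Triage checks over OTL-style log lines: hosts entries, BHOs, Run keys,
MountPoints2 autorun, exe/com shell-spawn handlers and alternate data streams."""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the OTL.txt posted above (real entries from this log).
LOG_LINES = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 8770 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe ()
O33 - MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\Shell\AutoRun - "" = Auto&Play
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
"""

# Constructed contrast lines, NOT from the posted log: a hosts redirect to a
# non-loopback address and a wrapped comfile handler, using documentation-only
# values (RFC 5737 address, .invalid TLD, made-up path) so they cannot be real.
CONSTRUCTED_LINES = r"""
O1 - Hosts: 203.0.113.5 www.example-bank.invalid
O35 - HKLM\..comfile [open] -- "C:\example\wrapper.exe" "%1" %*
"""

HOSTS_MORE = re.compile(r"^O1 - Hosts: (?P<n>\d+) more lines\.\.\.$")
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
BHO = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
MOUNTPOINT = re.compile(r"^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun - ")
SHELL_SPAWN = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<key>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*)$")

SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}   # where a blocklist-style hosts file points
DEFAULT_SPAWN = '"%1" %*'                         # stock exefile/comfile open command


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low" | "info" (labels chosen for this example)
    section: str    # OTL section tag the line came from
    detail: str


def triage(text: str, large_hosts: int = 1000) -> list[Finding]:
    """Return one Finding per suspicious line, plus a note if the hosts file is huge."""
    findings: list[Finding] = []
    hosts_total = 0
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := HOSTS_MORE.match(line):           # OTL truncates long hosts files
            hosts_total += int(m["n"])
        elif m := HOSTS_ENTRY.match(line):
            hosts_total += 1
            if m["ip"] not in SINKHOLE_IPS:        # a real redirect, not a block entry
                findings.append(Finding("high", "O1", f"hosts redirects {m['host']} to {m['ip']}"))
        elif m := BHO.match(line):
            if m["target"].startswith("No CLSID value found"):
                findings.append(Finding("medium", "O2", f"orphaned BHO {m['clsid']} ({m['name']}): no file behind the CLSID"))
        elif m := RUN.match(line):
            if not m["company"]:                   # OTL prints () when version info has no company
                findings.append(Finding("low", "O4", f"Run entry [{m['name']}] -> {m['path']} has no company name"))
        elif MOUNTPOINT.match(line):
            findings.append(Finding("low", "O33", "MountPoints2 AutoRun handler present (removable-media autorun)"))
        elif m := SHELL_SPAWN.match(line):
            if m["cmd"] != DEFAULT_SPAWN:          # anything else runs before every .exe/.com
                findings.append(Finding("high", line[:3], f"{m['key']} [{m['verb']}] spawns {m['cmd']!r} instead of {DEFAULT_SPAWN!r}"))
        elif m := ADS.match(line):
            findings.append(Finding("info", "ADS", f"{m['size']}-byte alternate data stream on {m['path']}"))
    if hosts_total >= large_hosts:
        findings.append(Finding("info", "O1", f"hosts file has about {hosts_total} entries (blocklist-sized; slows lookups on XP when the DNS Client service caches it)"))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(LOG_LINES + CONSTRUCTED_LINES):
        print(f"[{f.severity:6}] {f.section:4} {f.detail}")
```

On the real lines from this log the script raises nothing above "medium": the exe/com handlers are stock, every hosts entry shown points at loopback, and the only oddities are the orphaned BHO, the unnamed CD Autorun entry, the removable-media AutoRun handler and the streams on the TEMP folder. Pasting the whole OTL.txt into `triage` instead of the excerpt runs the same checks over every line; the Extras log's Shell Spawning and Security Center sections would need their own patterns.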
#8 Jack&Jill
    MRU Emeritus
  • 247 posts
  • Interests: Non-stop & life-long learning

Posted 17 January 2011 - 06:23 AM

Hello TheGreat.308 :),

Remove P2P software
  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    eMule

  • Our policy as pointed out in the Terms of Use:

    We will not support or allow the discussion of any peer to peer (P2P) applications, except for their removal.

  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.
Please rerun OTL with the same settings and post back a new Extras.txt.
Jack&Jill
MRU Teacher of Malware Removal University - A Cooperative Effort with WhatTheTech Classroom.
Member of ASAP and UNITE.

#9 TheGreat.308
    Authentic Member
  • 31 posts

Posted 18 January 2011 - 01:34 AM

Jack & Jill,

Removed eMule and posted a new OTL Extras logfile.

I did have LimeWire on the computer some time ago and had friends tell of bad experiences using it, so I removed it. I didn't realize eMule shared files, and perhaps that is the "new network" that ZoneAlarm reminds me of every so often. I do not allow it access to ZoneAlarm's trusted zone.

OTL Extras logfile created on: 1/18/2011 1:23:29 AM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 87.00 Mb Available Physical Memory | 34.00% Memory free
989.00 Mb Paging File | 601.00 Mb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 8.99 Gb Free Space | 48.25% Space Free | Partition Type: NTFS
Drive E: | 618.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPAQ-033HB3B9 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
"F:\GAMES\Battlefield Vietnam\bfvietnam.exe" = F:\GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam
"F:\Turbo tax\TurboTax Deluxe 2006\32bit\ttax.exe" = F:\Turbo tax\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"F:\Turbo tax\TurboTax Deluxe 2006\32bit\updatemgr.exe" = F:\Turbo tax\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"F:\MofH Pacific Assault\mohpa.exe" = F:\MofH Pacific Assault\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:5\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe" = C:5\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"C:5\Medal of Honor Pacific Assault\mohpa.exe" = C:5\Medal of Honor Pacific Assault\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20676B6E-3A89-9D8B-DF0B-66B52C007864}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F6535CB-8385-14E8-0BC6-136CB9750A85}" = ccc-core-preinstall
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42B10D50-68F9-0C65-D7AE-3602A9852041}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEC42A2-B060-C560-B177-5A955F527160}" = CCC Help Spanish
"{5659C1C6-FBBC-2019-854C-8D5D68AFB877}" = Catalyst Control Center Graphics Full New
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{5BDEC021-A430-5531-76C1-10FE3ED2E405}" = CCC Help English
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6FA88A80-45C3-4B3E-999E-FE9FB9B3C0DA}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75BED4BB-2580-7D68-840C-A6A25AAED4B1}" = Catalyst Control Center Core Implementation
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault™ Spearhead
"{7E0CDB79-91DA-BDFB-B88C-E869942784CE}" = Catalyst Control Center Localization Spanish
"{7ED80209-18CB-61CD-7CD2-C9197BD6AA0B}" = Catalyst Control Center Localization German
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A041C7FC-1E1B-4DD9-4CCC-306AB36DA087}" = Catalyst Control Center Graphics Full Existing
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A918DE8A-98C8-0800-0000-0000000C0001}" = Sanyo PM8200 USB - Handset Manager V8
"{A918DE8A-98C8-0800-0001-000000000000}" = Multimedia Samples
"{ABB7151E-754A-351A-4F7A-5292591937E6}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B54D3E98-8757-FCFF-398F-199B618D36B6}" = Catalyst Control Center Localization French
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom 570x Driver Installer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E35E55BC-BC35-4303-2C46-D3E63C5EDC2F}" = ccc-utility
"{EA767019-E9AD-4B96-FF31-C1A816612D1F}" = ccc-core-static
"{EB10E764-79C1-BCE7-6526-D3A4B7220BF8}" = Skins
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F9089224-6CBA-B814-0A58-77EEBA7A9579}" = Catalyst Control Center Localization Chinese Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Battlecraft 19422.1" = Battlecraft 1942
"BFG-Mystery in London" = Mystery in London
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"Creative Media Lite" = Creative Media Lite
"ie8" = Windows Internet Explorer 8
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom 570x Driver Installer
"Lexmark 1200 Series" = Lexmark 1200 Series
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"Vietcong" = Vietcong
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZENStoneUG" = Creative ZEN Stone User's Guide
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"notify" = License Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2010 6:53:15 PM | Computer Name = COMPAQ-033HB3B9 | Source = | ID = 0
Description =

Error - 12/26/2010 6:53:15 PM | Computer Name = COMPAQ-033HB3B9 | Source = | ID = 0
Description =

Error - 12/30/2010 7:33:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2010 7:33:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2010 7:33:53 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/30/2010 7:33:53 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/7/2011 11:19:58 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application WORDVIEW.EXE, version 11.0.8169.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 6:51:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 6:51:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2011 6:51:41 PM | Computer Name = COMPAQ-033HB3B9 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/13/2011 8:17:04 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/14/2011 5:08:40 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/14/2011 5:18:58 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/14/2011 5:18:58 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/14/2011 5:26:08 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/14/2011 5:42:35 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/15/2011 9:20:12 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/15/2011 11:38:04 PM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/16/2011 9:38:11 AM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/18/2011 2:27:52 AM | Computer Name = COMPAQ-033HB3B9 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >
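
The firewall-policy section of the OTL report above shows "EnableFirewall" = 0 in both profiles and exceptions scoped either to * or to LocalSubNet. As an added example (not OTL's output or code, and not something the thread's participants posted), the script below parses entries in the layout OTL prints, which is the XP SP2 registry format path:scope:Enabled|Disabled:name for authorized applications and port:proto:scope:Enabled|Disabled:name for globally open ports, and reports a disabled firewall plus any enabled exception that accepts any remote address. The embedded SAMPLE excerpt is constructed from lines of the report above; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the layout OTL prints, copied from the report above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
"F:\Turbo tax\TurboTax Deluxe 2006\32bit\ttax.exe" = F:\Turbo tax\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
'''

SECTION_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+Profile)(?P<sub>(?:\\\w+)*)\]$')
VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*)$')
# path:scope:state:name. The path contains the drive-letter colon, so anchor on
# "X:\" and take everything up to the next colon as the path.
APP_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\[^:]*):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$')
PORT_RE = re.compile(
    r'^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$')


@dataclass
class Rule:
    kind: str       # "app" or "port"
    target: str     # executable path, or "port/proto"
    scope: str      # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool
    name: str


@dataclass
class Profile:
    enable_firewall: Optional[int] = None   # value of EnableFirewall, if present
    rules: List[Rule] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)   # entries that did not match either format


def parse_firewall_policy(text: str) -> Dict[str, Profile]:
    """Return {profile name: Profile} for the FirewallPolicy sections of an OTL report."""
    profiles: Dict[str, Profile] = {}
    current: Optional[Profile] = None
    sub = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            sec = SECTION_RE.match(line)
            if sec:
                current = profiles.setdefault(sec["profile"], Profile())
                sub = sec["sub"]
            else:
                current = None          # some other registry section; stop collecting
            continue
        if current is None:
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        key, value = val["key"], val["value"]
        if sub == "":
            if key == "EnableFirewall":
                current.enable_firewall = int(value)
        elif sub.endswith(r"\AuthorizedApplications\List"):
            m = APP_RE.match(value)
            if m:
                current.rules.append(Rule("app", m["path"], m["scope"], m["state"] == "Enabled", m["name"]))
            else:
                current.unparsed.append(value)
        elif sub.endswith(r"\GloballyOpenPorts\List"):
            m = PORT_RE.match(value)
            if m:
                current.rules.append(Rule("port", f"{m['port']}/{m['proto']}", m["scope"],
                                          m["state"] == "Enabled", m["name"]))
            else:
                current.unparsed.append(value)
    return profiles


def findings(profiles: Dict[str, Profile]) -> List[str]:
    """Flag a disabled firewall and enabled exceptions that accept any remote address."""
    out: List[str] = []
    for name, prof in profiles.items():
        if prof.enable_firewall == 0:
            out.append(f"{name}: Windows Firewall disabled (EnableFirewall = 0)")
        for r in prof.rules:
            if r.enabled and r.scope == "*":
                out.append(f"{name}: {r.kind} exception open to any address: {r.target} ({r.name})")
    return out


if __name__ == "__main__":
    for line in findings(parse_firewall_policy(SAMPLE)):
        print(line)
```

Run against the full report this flags both profiles as disabled and the game executables whose scope is *. An EnableFirewall of 0 is the state you normally see once a third-party firewall such as the ZoneAlarm listed in this report has registered itself and taken over; that reading is mine, the thread does not state it.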

#10 Jack&Jill, MRU Emeritus

Posted 18 January 2011 - 10:30 AM

Hello TheGreat.308 :),

255.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 49.00% Memory free

The computer is low on RAM. Although Windows XP works with what you have, most programs nowadays may need more than that to perform decently. Upgrading would be a good idea.

--------------------

I see that you have some programs on your computer that are not recommended or not safe. You may uninstall them through Add/Remove Programs in the Control Panel.

Registry Cleaner(s)

TweakNow PowerPack 2010

Personally, I do not recommend any such programs. Here is an excerpt from a discussion on Registry Cleaners:

Most Registry Cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


See here and here for additional information.

--------------------

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here.

Run MBAM
  • Double click on mbam-setup.exe and follow the prompts to install the program.
  • At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
  • Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. the MBAM log
Jack&Jill
MRU Teacher of Malware Removal University - A Cooperative Effort with WhatTheTech Classroom.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For What The Tech.


#11 TheGreat.308, Authentic Member

Posted 18 January 2011 - 03:03 PM

Jack & Jill, Malware log is posted. You suggested that I upgrade because RAM on the PC is low. How do I add more? I don't know much about computers and was only recently able to fumble my way through to add a DVD drive and a new vid card to the PC.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5549

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/18/2011 2:50:55 PM
mbam-log-2011-01-18 (14-50-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 170257
Time elapsed: 51 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Jack&Jill, MRU Emeritus

Posted 19 January 2011 - 04:31 AM

Hello TheGreat.308 :),

Some pages requiring a log in id and password will reload themselves after I partially type in a user id they reload themselves and have the entry fields blank as if I never entered info. into them

Could you please explain this a bit more? Are you saying that when you visit sites that need a log in, for example your Gmail or something similar, you key in your ID or password halfway and the page reloads? Is it because the page has not finished loading? Besides these, are there any other symptoms to your problem?

You suggested that I upgrade because RAM on pc is low how do I add more? I don't know much about computers and was only recently able to fumble my way through to add a dvd drive and a new vid card to the pc.

Not my area of expertise either. If you google "how to add ram", you will get quite a few articles on how to do it. Here is one from Microsoft which is quite comprehensive.

If you are not comfortable doing it yourself, you should get some help from someone with experience or engage computer shops to do it for you.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the ESET online scan result
Jack&Jill
MRU Teacher of Malware Removal University - A Cooperative Effort with WhatTheTech Classroom.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For What The Tech.

#13 TheGreat.308, Authentic Member

Posted 19 January 2011 - 07:18 PM

Howdy Jack & Jill,

The pages I need to log in to, such as e-mail, library account etc., are loaded before I key in my log in info. I can get through putting in my user id and part of a password and the screen will reload itself with the user id fields being blank. I worried about that because I am not sure if that means someone is trying or has taken my information. I also receive messages from ZoneAlarm asking if I want 2 IP addresses added to my safe zone. It states that it has found that the addresses are trying to access the internet and are part of a new network. Sometimes when my H drive is on (it's external, used for my pictures and music) I am unable to close some of the music or pic folders because I receive a message saying that the file is in use by someone else. Thanks for the information on adding RAM. I posted the ESET results showing that there is an infected file.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=73370da78fae0b42a60d52a7cdcbdb41
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-19 10:11:46
# local_time=2011-01-19 04:11:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 6397695 6397695 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 100 70 6142799 11115311 0 0
# scanned=43062
# found=1
# cleaned=0
# scan_time=2938
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\6.0\54\3148e336-64993b08	multiple threats (unable to clean)	00000000000000000000000000000000	I

#14 Jack&Jill, MRU Emeritus

Posted 20 January 2011 - 10:15 AM

Hello TheGreat.308 :),

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Backup your registry with ERUNT
  • Double click on erunt-setup.exe and run the installation setup.
  • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
  • Continue until you get prompted to run ERUNT at startup. Choose No.
  • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
  • Click OK when ERUNT is launched, and accept all default setting. ERUNT will then backup the registry.
--------------------

Fix with OTL
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click on OTL.exe to run it.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    :otl
    O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.
    O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: akamai.net ([a248.e] https in Trusted sites)
    O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: bitdefender.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: netflame.cc ([ssl-hints] https in Trusted sites)
    O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-839522115-2146812355-725345543-1003\..Trusted Domains: yahoo.com ([]https in Trusted sites)
    O33 - MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\Shell - "" = AutoRun
    O33 - MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\Shell\AutoRun - "" = Auto&Play
    [2010/11/22 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/13 16:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\LimeWire
    @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF54CFFD
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    :files
    C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\6.0\54\3148e336-64993b08
    
    :commands
    [CREATERESTOREPOINT]
    [emptytemp]
  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
  • If requested to reboot, please do so. The log file will open after restart.
  • Re-enable your security software as soon as you have completed the OTL fix steps.
--------------------

Do the messages from ZoneAlarm appear after the webpages reload? What are the IP addresses? Please try to take them down for me. Have you tried with other browsers like Firefox or Opera and has the same problem happened?

--------------------

Please post back:
1. the OTL fix log
2. the answers to my questions
Jack&Jill
MRU Teacher of Malware Removal University - A Cooperative Effort with WhatTheTech Classroom.
Member of ASAP and UNITE.

If you have been helped and wish to donate to support this volunteer site, go to Donations For What The Tech.

#15 TheGreat.308, Authentic Member

Posted 20 January 2011 - 02:10 PM

Hello Jack & Jill,

Messages from ZoneAlarm appear at startup or when the computer is rebooted. The message "a private network is connecting to the computer or internet" has an address of 192.168.15.0 and the other address is 169.254.0.0. I have not tried Firefox or Opera.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\ not found.
Registry key HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\akamai.net\a248.e\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bitdefender.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netflame.cc\ssl-hints\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-839522115-2146812355-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38750cd4-1ce6-11db-9705-000802c0a41f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38750cd4-1ce6-11db-9705-000802c0a41f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38750cd4-1ce6-11db-9705-000802c0a41f}\ not found.
C:\Documents and Settings\All Users\Application Data\TEMP folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\mozilla-profile folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser\xulrunner folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\browser folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\user1\Application Data\LimeWire folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:90D89144 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:AF54CFFD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .
========== FILES ==========
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\6.0\54\3148e336-64993b08 moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 2052536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1987816 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user1
->Temp folder emptied: 4639330 bytes
->Temporary Internet Files folder emptied: 3356318 bytes
->Java cache emptied: 15389574 bytes
->Flash cache emptied: 352270 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275427 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13475938 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb

OTL by OldTimer - Version 3.2.20.3 log created on 01202011_130051

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\6YKV45W5\gsprite_20100302[1].png not found!

Registry entries deleted on Reboot...
