View Full Version : SVCHOST trojan
musicalpulltoy
2012-03-09, 21:29
hello
superantispyware found a trojan. just want to find out if theres any remnants
thank you
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAD at 12:18:08 on 2012-03-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.390 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated*
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\charmap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) =
hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
c:\program files\zonealarm_security\prxtbZon2.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program
files\avg\avg2012\avgssie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} -
c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program
files\zonealarm_security\prxtbZon2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
files\java\jre7\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program
files\zonealarm_security\prxtbZon2.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program
files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Task Catcher] c:\program files\billp studios\task catcher\tasktrap.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\erunta~1.lnk - c:\program
files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program
files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\system~1\micros~1.lnk -
c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} -
c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246
219383859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{D3C8F517-0E02-41EF-88B6-50CFBAF7D6D0} : NameServer =
68.105.28.11,68.105.28.12,68.105.29.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program
files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} -
c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program
files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common
files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application
data\mozilla\firefox\profiles\fn2dlw99.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\dad\application
data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3a
b546}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dad\application
data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3a
b546}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\dad\application
data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3a
b546}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\dad\application
data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3a
b546}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\dad\application
data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3a
b546}\components\RadioWMPCoreGecko8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\dad\application
data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application
data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application
data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla
firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -
%profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} -
%profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} -
%profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} -
%profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: WorldIP: {f36c6cd1-da73-491d-b290-8fc9115bfa55} -
%profile%\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
FF - Ext: JavaScript Deobfuscator: jsdeobfuscator@adblockplus.org -
%profile%\extensions\jsdeobfuscator@adblockplus.org
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: Firebug: firebug@software.joehewitt.com -
%profile%\extensions\firebug@software.joehewitt.com
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
%profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\microsoft.net\framework\v3.5\windows presentation
foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program
files\avg\avg2012\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7
32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8
230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus
Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12
4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys
[2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe
[2011-11-3 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe
-service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 16720]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista
Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
R3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2011-9-23 65664]
S2 DCService.exe;DCService.exe;c:\documents and settings\all users\application
data\datacardservice\dcservice.exe --> c:\documents and settings\all users\application
data\datacardservice\DCService.exe [?]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2011-7-31
114944]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys -->
c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys -->
c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys
[2005-12-23 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys
[2009-3-14 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-14 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-14
39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-14
59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys
[2011-5-3 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem
Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-5-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem
Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-5-3 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers
(WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-5-3 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation
(NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-5-3 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX
Interface;c:\windows\system32\drivers\s1018obex.sys [2011-5-3 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation
(WDM);c:\windows\system32\drivers\s1018unic.sys [2011-5-3 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-4-12 166720]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2011-7-31 11520]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2011-4-12 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony
ericsson pc companion\PCCService.exe [2011-5-3 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service -->
C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k
nosGetPlusHelper [2004-8-10 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [2011-4-30 150872]
.
=============== Created Last 30 ================
.
2012-02-14 19:42:50 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 19:42:50 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-10 22:15:34 -------- d-----w- C:\OEMSettings
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:20:41.88 ===============
Scolabar
2012-03-10, 10:45
Hi musicalpulltoy,
Firstly, welcome to the Safer-Networking Malware Removal Forum. I see this is not the first time you have requested help here. ;)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.
Please note the following important guidelines before proceeding:
The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.
Backup Your Data - Windows XP (http://support.microsoft.com/kb/308422)
If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.
Thank you for your patience.
Scolabar
Scolabar
2012-03-10, 20:26
Hi musicalpulltoy,
Thank you again for your patience. :)
Please read these instructions carefully before executing and perform the steps, in the order given.
lf you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before we proceed please make sure any open programs are closed.
Step 1:
Business Use Computer?
Entries in the log you have provided lead me to believe that this computer may be being used for business purposes.
Please could you confirm whether or not this is the case? If not, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.
Step 2:
Advisory - P2P Software Present!
IMPORTANT There are signs of a P2P (Peer-to-Peer) File Sharing Program installed on your computer.
µTorrent
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.
P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.
So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.
I advise you take the time to read the following articles that explain the risk of installing these programs:
Perils of P2P File Sharing (http://www.techsupportforum.com/forums/f50/perils-of-p2p-file-sharing-305923.html)
Use of P2P File Sharing Programs (http://spywarewarrior.com/viewtopic.php?t=26216)
Clean/Infected P2P Programs (http://malwareremoval.com/p2pindex.php)
Risks of Peer-to-Peer Systems (http://www.fbi.gov/scams-safety/peertopeer/oeertopeer)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
File-sharing dangers involve more than legal troubles (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
How to Prevent the Online Invasion of Spyware and Adware (http://www.internetworldstats.com/articles/art053.htm)
I strongly recommend that you uninstall the P2P software as follows:
Remove P2P Program
Click on Start > Control Panel and double-click on Programs and Features.
Locate the following program:
µTorrent
Click on the Change/Remove button to uninstall it.
When the program has been uninstalled Close the Programs and Features and Control Panel windows.
Step 3:
Disable Wordwrap
You logs indicate that the Wordwrap feature is enabled in Notepad. Please follow the instructions to disable that feature.
Launch Notepad.
Then click on the Format menu and make sure Wordwrap is Unchecked.
Close Notepad.
Step 4:
CKScanner
Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and Save it to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
Double-click on the CKScanner.exe icon to run the program.
Then click on the Search For Files button.
When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
Note: Please run the program ONCE only.
Click on the Exit button to close the program.
Double-click on the ckfiles.txt file to open it.
Then Copy and Paste the entire contents of the file into your next reply.
Step 5:
Security Check
Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) by screen317 and Save it to your Desktop.
Alternate download site: Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Double-click on the SecurityCheck.exe icon to run the program.
If you receive an Open File Security Warning click the Run button.
Press the Space Bar when you see the Press any key to continue... message.
Please Note: This scan will take a short while to complete, so please be patient.
When the scan has completed, a Notepad file will automatically open called checkup.txt.
Save the file checkup.txt to your Desktop.
Please Note: This output file is NOT automatically saved!
Then Copy and Paste the entire contents of the checkup.txt file into your next reply.
Step 6:
Re-Run DDS
Please re-run DDS. Then Copy and Paste the contents of both the DDS.txt and Attach.txt logs into your next reply.
Step 7:
Include in Next Post
Did you have any problems carrying out the instructions?
ckfiles.txt.
checkup.txt.
DDS.txt.
Attach.txt.
Do you have the original Windows installation media for your PC?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-11, 04:33
hello scolabar
thank you for your help
this may have been a business pc with previous owner but not any more.
NO, i do not have originl install disc, just a c: drive backup i made saved to e: drive.
below are the 4 text files you requested
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\dad\my documents\802ether\aircrack.exe
c:\documents and settings\dad\my documents\802ether\aircrack.html
c:\documents and settings\dad\my documents\downloads\windows_wifi_collection_-_aircrack_airsnort_airopeek.rar
c:\documents and settings\dad\my documents\keygen\file_id.diz
c:\documents and settings\dad\my documents\keygen\keygen.exe
c:\documents and settings\dad\my documents\keygen\ror.nfo
c:\documents and settings\dad\my documents\keygen\airopeeknx202\readme.txt
c:\documents and settings\dad\my documents\keygen\airopeeknx202\setup.exe
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\data.tag
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\data1.cab
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\data1.hdr
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\lang.dat
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\layout.bin
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\manual.pdf
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\os.dat
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\palettes.reg
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\quicktour.pdf
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\readme.txt
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\rfgrabber probe manual.pdf
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\sernumdll.dll
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\setup.exe
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\setup.ini
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\setup.ins
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\setup.lid
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_inst32i.ex_
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_isdel.exe
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_setup.dll
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_sys1.cab
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_sys1.hdr
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_user1.cab
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\_user1.hdr
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\decoders.html
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\nametableformat.html
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\peekpluginsdk.html
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\protospecsxml.html
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\psids.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\pspecs.xsd
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\readme.html
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\agtypes.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\memutil.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\packetheaders.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\peekplug.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\plugbase.cpp
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\plugbase.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\plugindebug.cpp
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\plugindebug.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\resource.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\stdafx.cpp
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\stdafx.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\tabber.cpp
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\tabber.def
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\tabber.h
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\tabber.rc
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\tabber.sln
c:\documents and settings\dad\my documents\keygen\airopeeknx202\airopeeknx\peek sdk\source\tabber\tabber.vcproj
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\data.tag
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\data1.cab
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\data1.hdr
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\lang.dat
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\layout.bin
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\os.dat
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\setup.exe
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\setup.ini
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\setup.ins
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\setup.lid
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_inst32i.ex_
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_isdel.exe
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_setup.dll
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_sys1.cab
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_sys1.hdr
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_user1.cab
c:\documents and settings\dad\my documents\keygen\airopeeknx202\inettools\_user1.hdr
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\_otl\movedfiles\10012011_143750\c_documents and settings\dad\local settings\application data\im\sound\tchaikovsky_the_nutcracker.imw
scanner sequence 3.ZZ.11.AJNAHG
----- EOF -----
Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm Security Toolbar
ZoneAlarm Security
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
IE SpyAd
Java(TM) 7
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Mozilla Firefox (3.6.12) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
WinPatrol winpatrol.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
BillP Studios WinPatrol winpatrol.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAD at 19:18:24 on 2012-03-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.571 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon2.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon2.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Task Catcher] c:\program files\billp studios\task catcher\tasktrap.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\system~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{D3C8F517-0E02-41EF-88B6-50CFBAF7D6D0} : NameServer = 68.105.28.11,68.105.28.12,68.105.29.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: WorldIP: {f36c6cd1-da73-491d-b290-8fc9115bfa55} - %profile%\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
FF - Ext: JavaScript Deobfuscator: jsdeobfuscator@adblockplus.org - %profile%\extensions\jsdeobfuscator@adblockplus.org
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 16720]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
R3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2011-9-23 65664]
S2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\dcservice.exe --> c:\documents and settings\all users\application data\datacardservice\DCService.exe [?]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2011-7-31 114944]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2005-12-23 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-14 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-14 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-14 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-14 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-5-3 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-5-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-5-3 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-5-3 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-5-3 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-5-3 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-5-3 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-4-12 166720]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2011-7-31 11520]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2011-4-12 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-3 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [2011-4-30 150872]
.
=============== Created Last 30 ================
.
2012-02-14 19:42:50 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 19:42:50 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-10 22:15:34 -------- d-----w- C:\OEMSettings
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 19:21:08.87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2005 3:47:02 PM
System Uptime: 3/9/2012 9:36:13 PM (22 hours ago)
.
Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 11.286 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 160.223 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1149: 2/7/2012 8:30:17 AM - System Checkpoint
RP1150: 2/8/2012 8:51:41 AM - System Checkpoint
RP1151: 2/10/2012 7:40:58 AM - System Checkpoint
RP1152: 2/10/2012 3:12:15 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
RP1153: 2/10/2012 3:14:53 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP1154: 2/11/2012 3:49:07 PM - System Checkpoint
RP1155: 2/12/2012 4:34:57 PM - System Checkpoint
RP1156: 2/13/2012 7:55:23 PM - System Checkpoint
RP1157: 2/14/2012 5:48:14 PM - Software Distribution Service 3.0
RP1158: 2/15/2012 6:06:04 PM - System Checkpoint
RP1159: 2/16/2012 6:34:43 PM - System Checkpoint
RP1160: 2/17/2012 7:32:00 PM - System Checkpoint
RP1161: 2/18/2012 8:04:38 PM - System Checkpoint
RP1162: 2/19/2012 8:32:01 PM - System Checkpoint
RP1163: 2/20/2012 9:32:05 PM - System Checkpoint
RP1164: 2/21/2012 10:32:00 PM - System Checkpoint
RP1165: 2/22/2012 11:32:00 PM - System Checkpoint
RP1166: 2/23/2012 11:33:09 PM - System Checkpoint
RP1167: 2/25/2012 1:19:01 PM - System Checkpoint
RP1168: 2/26/2012 1:37:52 PM - System Checkpoint
RP1169: 2/27/2012 2:50:45 PM - System Checkpoint
RP1170: 2/28/2012 3:03:49 PM - System Checkpoint
RP1171: 2/29/2012 3:36:47 PM - System Checkpoint
RP1172: 3/1/2012 4:36:44 PM - System Checkpoint
RP1173: 3/2/2012 5:37:49 PM - System Checkpoint
RP1174: 3/7/2012 10:32:21 AM - System Checkpoint
RP1175: 3/8/2012 10:45:57 AM - System Checkpoint
RP1176: 3/9/2012 3:35:17 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.42
Adobe Flash Player 10 Plugin
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
AVG 2012
Calculator Powertoy for Windows XP
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support 3.1
Dell Support Center (Support Software)
Dell System Restore
ERUNT 1.1j
ESET Online Scanner v3
EVEREST Home Edition v2.20
GIMP 2.6.11
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java Auto Updater
Java(TM) 7
LAME v3.98.3 for Audacity
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
neroxml
NetAlyzer
NETGEAR WG111v3 wireless USB 2.0 adapter
PANTECH UM175 Driver
Photo Click
QuickBooks Pro 2006
QuickTime
RealPlayer Basic
Rosetta Stone 2.1.4.1A
Safari
Scrapbooks Plus Workshop
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sony Ericsson PC Companion 2.01.149
Spybot - Search & Destroy
SUPERAntiSpyware
System Explorer 3.0.4
Task Catcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol
Yahoo! Messenger
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 9:39:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/9/2012 9:39:08 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2012 4:53:24 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 8:41:50 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 3 time(s).
3/7/2012 8:21:42 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 2 time(s).
3/7/2012 8:19:02 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 7:42:15 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/7/2012 7:42:15 AM, error: Service Control Manager [7000] - The DCService.exe service failed to start due to the following error: The system cannot find the file specified.
3/7/2012 7:36:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 7:36:12 AM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/7/2012 4:24:56 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 4 time(s).
3/7/2012 11:13:16 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.117 with the system having network hardware address 00:1C:BE:B1:AF:36. Network operations on this system may be disrupted as a result.
3/6/2012 8:21:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
3/6/2012 11:15:24 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 2 time(s).
.
==== End Of File ===========================
Scolabar
2012-03-12, 13:38
Hi musicalpulltoy,
Thank you for the logs and feedback.
I notice that the µTorrent P2P File Sharing software is still installed on the computer. If you wish to continue receiving assistance, please remove the program as requested in my previous post.
In addition to the instructions below please confirm how many people use the computer.
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
MGA Diagnostics
Please download this tool (http://go.microsoft.com/fwlink/?linkid=52012) from Microsoft and Save it to your Desktop.
Double-click on MGADiag.exe to launch the program.
Click on the Continue button to proceed.
The program will now run. It will take a short while to complete its diagnosis, please be patient.
When it has finished click on the Copy button.
Click on Start > Run.
In the text entry box type:
Notepad
Then click on the OK button.
This will open an empty Notepad file.
Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
Click on the OK button to exit the MGA Diagnostics program.
Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 2:
Re-Run DDS
Please re-run DDS. Then Copy and Paste the contents of the Attach.txt log into your next reply.
Step3:
Include in Next Post
Did you have any problems carrying out the instructions?
Confirm the removal of the µTorrent P2P File Sharing software.
How many people use the computer?
mgadiag.txt
Attach.txt.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-12, 16:01
HIYA
just me and my daughter use thi pc on the 1 profile.
utorentz is gone.
everything has gone smooth so far.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {05D19138-9C93-473E-B1C2-CF7405AB822F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Standard - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{05D19138-9C93-473E-B1C2-CF7405AB822F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1668751319-4250827956-263943839</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dell DE051 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A01</Version><SMBIOSVersion major="2" minor="3"/><Date>20060103000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>BC083B6F0184607C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DE051</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Standard</Name><Ver>10</Ver><Val>D654C153799E2A</Val><Hash>PTShsZJqiZBUt44bnPrpOz/7tas=</Hash><Pid>54187-700-2396375-17948</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B2B6:Dell Inc|1B2B6:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System
OEM Activation 2.0 Data-->
N/A
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2005 3:47:02 PM
System Uptime: 3/9/2012 9:36:13 PM (57 hours ago)
.
Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 11.192 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 160.223 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1149: 2/7/2012 8:30:17 AM - System Checkpoint
RP1150: 2/8/2012 8:51:41 AM - System Checkpoint
RP1151: 2/10/2012 7:40:58 AM - System Checkpoint
RP1152: 2/10/2012 3:12:15 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
RP1153: 2/10/2012 3:14:53 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP1154: 2/11/2012 3:49:07 PM - System Checkpoint
RP1155: 2/12/2012 4:34:57 PM - System Checkpoint
RP1156: 2/13/2012 7:55:23 PM - System Checkpoint
RP1157: 2/14/2012 5:48:14 PM - Software Distribution Service 3.0
RP1158: 2/15/2012 6:06:04 PM - System Checkpoint
RP1159: 2/16/2012 6:34:43 PM - System Checkpoint
RP1160: 2/17/2012 7:32:00 PM - System Checkpoint
RP1161: 2/18/2012 8:04:38 PM - System Checkpoint
RP1162: 2/19/2012 8:32:01 PM - System Checkpoint
RP1163: 2/20/2012 9:32:05 PM - System Checkpoint
RP1164: 2/21/2012 10:32:00 PM - System Checkpoint
RP1165: 2/22/2012 11:32:00 PM - System Checkpoint
RP1166: 2/23/2012 11:33:09 PM - System Checkpoint
RP1167: 2/25/2012 1:19:01 PM - System Checkpoint
RP1168: 2/26/2012 1:37:52 PM - System Checkpoint
RP1169: 2/27/2012 2:50:45 PM - System Checkpoint
RP1170: 2/28/2012 3:03:49 PM - System Checkpoint
RP1171: 2/29/2012 3:36:47 PM - System Checkpoint
RP1172: 3/1/2012 4:36:44 PM - System Checkpoint
RP1173: 3/2/2012 5:37:49 PM - System Checkpoint
RP1174: 3/7/2012 10:32:21 AM - System Checkpoint
RP1175: 3/8/2012 10:45:57 AM - System Checkpoint
RP1176: 3/9/2012 3:35:17 PM - System Checkpoint
RP1177: 3/10/2012 8:10:06 PM - System Checkpoint
RP1178: 3/11/2012 8:41:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.42
Adobe Flash Player 10 Plugin
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
AVG 2012
Calculator Powertoy for Windows XP
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support 3.1
Dell Support Center (Support Software)
Dell System Restore
ERUNT 1.1j
ESET Online Scanner v3
EVEREST Home Edition v2.20
GIMP 2.6.11
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java Auto Updater
Java(TM) 7
LAME v3.98.3 for Audacity
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
neroxml
NetAlyzer
NETGEAR WG111v3 wireless USB 2.0 adapter
PANTECH UM175 Driver
Photo Click
QuickBooks Pro 2006
QuickTime
RealPlayer Basic
Rosetta Stone 2.1.4.1A
Safari
Scrapbooks Plus Workshop
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sony Ericsson PC Companion 2.01.149
Spybot - Search & Destroy
SUPERAntiSpyware
System Explorer 3.0.4
Task Catcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol
Yahoo! Messenger
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 9:39:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/9/2012 9:39:08 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2012 4:53:24 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 8:41:50 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 3 time(s).
3/7/2012 8:21:42 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 2 time(s).
3/7/2012 8:19:02 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 7:42:15 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/7/2012 7:42:15 AM, error: Service Control Manager [7000] - The DCService.exe service failed to start due to the following error: The system cannot find the file specified.
3/7/2012 7:36:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 7:36:12 AM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/7/2012 4:24:56 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 4 time(s).
3/7/2012 11:13:16 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.117 with the system having network hardware address 00:1C:BE:B1:AF:36. Network operations on this system may be disrupted as a result.
3/6/2012 8:21:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
3/6/2012 11:15:24 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 2 time(s).
.
==== End Of File ===========================
Scolabar
2012-03-13, 12:57
Hi musicalpulltoy,
Thank you for the logs.
Before proceeding we need to deal with the following issue:
Step 1:
Cracks, Keygens and Warez
The recent logs you have posted show that cracked software has been downloaded and installed on this computer.
In using a crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
This forum's policy on the matter of illegal Pirated/Warez/Cracked software is clearly stated HERE (http://forums.spybot.info/showthread.php?t=288&p=25290) under the "BEFORE You POST"(Please read this Procedure Before Requesting Assistance).
I strongly advise you stay away from using Cracks, Keygens and/or Warez in future.
They are one of the biggest causes of malware infection around. It is little wonder you systems have become infected what with the P2P software and the cracks!
In line with this forum's policy ALL such software present on the system will need to be removed in order to proceed with continued assistance. If you in agreement with this please continue with Step 2 below.
Step 2:
Remove/Uninstall Cracked Programs
Please remove/uninstall ALL illegal/cracked programs present on the system.
Step 3:
CKScanner
Please re-run the CKScanner tool just ONCE again.
Then Copy and Paste the entire contents of the ckfiles.txt file into your next reply.
Step 4:
Re-Run DDS
Please re-run DDS. Then Copy and Paste the contents of the Attach.txt log into your next reply.
Step 5:
Include in Next Post
Did you have any problems carrying out the instructions?
ckfiles.txt
Attach.txt.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-13, 22:02
hi!
guess their all gone although it not right to tell people what they can and cannot have.
they probably came with the pc, remember its used.
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\_otl\movedfiles\10012011_143750\c_documents and settings\dad\local settings\application data\im\sound\tchaikovsky_the_nutcracker.imw
scanner sequence 3.AA.11.UGEMEF
----- EOF -----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2005 3:47:02 PM
System Uptime: 3/9/2012 9:36:13 PM (87 hours ago)
.
Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 11.161 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 160.223 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1149: 2/7/2012 8:30:17 AM - System Checkpoint
RP1150: 2/8/2012 8:51:41 AM - System Checkpoint
RP1151: 2/10/2012 7:40:58 AM - System Checkpoint
RP1152: 2/10/2012 3:12:15 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
RP1153: 2/10/2012 3:14:53 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP1154: 2/11/2012 3:49:07 PM - System Checkpoint
RP1155: 2/12/2012 4:34:57 PM - System Checkpoint
RP1156: 2/13/2012 7:55:23 PM - System Checkpoint
RP1157: 2/14/2012 5:48:14 PM - Software Distribution Service 3.0
RP1158: 2/15/2012 6:06:04 PM - System Checkpoint
RP1159: 2/16/2012 6:34:43 PM - System Checkpoint
RP1160: 2/17/2012 7:32:00 PM - System Checkpoint
RP1161: 2/18/2012 8:04:38 PM - System Checkpoint
RP1162: 2/19/2012 8:32:01 PM - System Checkpoint
RP1163: 2/20/2012 9:32:05 PM - System Checkpoint
RP1164: 2/21/2012 10:32:00 PM - System Checkpoint
RP1165: 2/22/2012 11:32:00 PM - System Checkpoint
RP1166: 2/23/2012 11:33:09 PM - System Checkpoint
RP1167: 2/25/2012 1:19:01 PM - System Checkpoint
RP1168: 2/26/2012 1:37:52 PM - System Checkpoint
RP1169: 2/27/2012 2:50:45 PM - System Checkpoint
RP1170: 2/28/2012 3:03:49 PM - System Checkpoint
RP1171: 2/29/2012 3:36:47 PM - System Checkpoint
RP1172: 3/1/2012 4:36:44 PM - System Checkpoint
RP1173: 3/2/2012 5:37:49 PM - System Checkpoint
RP1174: 3/7/2012 10:32:21 AM - System Checkpoint
RP1175: 3/8/2012 10:45:57 AM - System Checkpoint
RP1176: 3/9/2012 3:35:17 PM - System Checkpoint
RP1177: 3/10/2012 8:10:06 PM - System Checkpoint
RP1178: 3/11/2012 8:41:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.42
Adobe Flash Player 10 Plugin
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
AVG 2012
Calculator Powertoy for Windows XP
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support 3.1
Dell Support Center (Support Software)
Dell System Restore
ERUNT 1.1j
ESET Online Scanner v3
EVEREST Home Edition v2.20
GIMP 2.6.11
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java Auto Updater
Java(TM) 7
LAME v3.98.3 for Audacity
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
neroxml
NetAlyzer
NETGEAR WG111v3 wireless USB 2.0 adapter
PANTECH UM175 Driver
Photo Click
QuickBooks Pro 2006
QuickTime
RealPlayer Basic
Rosetta Stone 2.1.4.1A
Safari
Scrapbooks Plus Workshop
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sony Ericsson PC Companion 2.01.149
Spybot - Search & Destroy
SUPERAntiSpyware
System Explorer 3.0.4
Task Catcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol
Yahoo! Messenger
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 9:39:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/9/2012 9:39:08 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2012 4:53:24 AM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 8:41:50 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 3 time(s).
3/7/2012 8:21:42 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 2 time(s).
3/7/2012 8:19:02 AM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 7:42:15 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/7/2012 7:42:15 AM, error: Service Control Manager [7000] - The DCService.exe service failed to start due to the following error: The system cannot find the file specified.
3/7/2012 7:36:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/7/2012 7:36:12 AM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/7/2012 4:24:56 PM, error: Service Control Manager [7034] - The HTTP SSL service terminated unexpectedly. It has done this 4 time(s).
3/7/2012 11:13:16 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.117 with the system having network hardware address 00:1C:BE:B1:AF:36. Network operations on this system may be disrupted as a result.
3/6/2012 8:21:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
3/6/2012 11:15:24 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 2 time(s).
.
==== End Of File ===========================
Scolabar
2012-03-14, 18:10
Hi musicalpulltoy,
guess their all gone although it not right to tell people what they can and cannot have.
they probably came with the pc, remember its used.I agree that it the user's choice to be able to choose what software to run.
However, it is not reasonable to expect helpers here at S-N, or at any other respectable help forum for that matter, to assist users with illegal software on their systems.
That would be tantamount to condoning the use of such software.
It is important to remember that it is the helpers who give their own time freely to assist users such as yourself with their malware problems, and it is the helper's prerogative to continue to assist the user or withdraw their support. ;)
CKScanner Query
Please confirm whether or not the CKScanner tool was run once only, as per my instructions.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-14, 20:50
hellooo
i ran it a second time after reading it and deleting another part of the cracks.
also i have had no problems running any of then programs you asked about earlier.
are we good now?
Scolabar
2012-03-15, 10:33
Hi musicalpulltoy,
I'll accept your answer this time, but in future I would appreciate it if you would answer any questions put to you openly and accurately. ;)
Let's continue with the cleanup.
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
OTL - Scan
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Double-click on OTL.exe to launch the program. If you receive a UAC prompt, please allow it.
Under Output, ensure that the Standard Output option is selected.
Under the Extra Registry section, select the Use SafeList option.
Click the Scan All Users checkbox.
Tick the LOP Check and Purity Check checkboxes.
Note: Please leave the remaining selections on the default settings.
Click on the Run Scan button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
OTL.txt <-- Will be opened, maximized.
Extras.txt <-- Will be minimized on task bar.
Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 2:
Rootkit UnHooker (RkU)
Please download Rootkit UnHooker (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE). Save it to your Desktop.
Please Note: The resulting log file can be very long. You may need to post it separately.
Double-click on the RKUnhookerLE.exe icon to run the program.
Click the Report tab, then click Scan.
Check the Drivers, Stealth Code, Files and Code Hooks options.
Uncheck the rest of the options. Then click on the OK button. (See the image below for reference.)
http://i526.photobucket.com/albums/cc345/MPKwings/RKUcheck-1.gif
The scanning will toggle through the Checked items "tabs". This can take a while, so please be patient.
When the scanner is finished, select File > Save Report.
Save the file Report.txt to your Desktop.
Click on the Close button and then click the Yes button to confirm.
Copy and Paste the entire contents of the Report.txt file into your next reply.
Step 3:
Include in Next Post
Did you have any problems carrying out the instructions?
OTL.txt.
Extras.txt.
Report.txt.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-16, 02:05
happy thursday
first i ran the clean up on a past OTL so as to download latest.
OTL ran fine but during root uhkooker i got "error starting helper service during drive selection scan" clicked ok 2 time before it continued.
scotty popped up with "C:\WINDOWS\system32\89F5848D.exe" i clicked NO.
lately firefox has started a mild lag.
OTL logfile created on: 3/15/2012 4:07:14 PM - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\DAD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.24 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.97% Memory free
4.22 Gb Paging File | 3.63 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 10.93 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 160.22 Gb Free Space | 68.80% Space Free | Partition Type: NTFS
Computer Name: DJJXF091 | User Name: DAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/15 16:05:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 07:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 07:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/18 08:45:28 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/16 15:32:59 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/26 23:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/12 15:14:42 | 001,527,808 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
========== Modules (No Company Name) ==========
MOD - [2010/10/26 23:10:01 | 001,018,840 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2007/09/12 15:14:42 | 001,527,808 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2006/12/15 11:30:38 | 000,966,765 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll
MOD - [2006/05/16 18:35:00 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -- (DirMon2)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 07:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/18 08:45:28 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\point32.sys -- (Point32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 07:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/03/11 15:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 15:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 15:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 15:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/23 14:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2006/02/23 14:58:25 | 000,167,808 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/12/14 21:03:19 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/12 22:17:00 | 000,457,312 | R--- | M] (Atheros Communications, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N3AB.sys -- (N3AB)
DRV - [2005/03/14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2001/08/17 13:50:20 | 000,114,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epstw2k.sys -- (epstw2k)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)
DRV - [1999/05/28 14:53:30 | 000,150,872 | R--- | M] (Trident Microsystems Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\TridWnW.sys -- (TridWnW)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{9215ECFA-54BC-4C22-9CB5-2109EB6BB912}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{9C126488-C099-43C9-A00E-5A43495AC51F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92822879073603948
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{E8930232-4B31-4251-986C-98061BDC75B4}: "URL" = http://www.ant.com/web/{searchTerms}/
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.0.1
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.2.0
FF - prefs.js..extensions.enabledItems: jsdeobfuscator@adblockplus.org:1.5.7
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.8.0.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\DAD\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\DAD\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 13:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 07:58:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 20:38:57 | 000,000,000 | ---D | M]
[2009/11/23 22:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Extensions
[2012/03/07 23:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions
[2010/11/07 10:53:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 16:22:47 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/11/23 16:09:25 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/09/07 19:41:45 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011/07/31 18:11:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/07 23:43:07 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/08/18 08:34:41 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/09/27 00:14:34 | 000,000,000 | ---D | M] (WorldIP) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2011/07/13 05:36:08 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\anttoolbar@ant(2).com
[2011/09/27 02:18:16 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\firebug@software.joehewitt.com
[2011/09/07 23:43:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\firefox@ghostery.com
[2011/07/13 05:36:10 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\flashfirebug@o-minds(2).com
[2011/09/27 02:14:47 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\inspector@mozilla.org
[2011/09/27 00:13:32 | 000,000,000 | ---D | M] (JavaScript Deobfuscator) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\jsdeobfuscator@adblockplus.org
[2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\conduit.xml
[2011/08/26 23:22:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\MyStart Search.xml
[2012/03/07 23:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 08:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2012/01/31 13:21:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/08/18 08:45:29 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_1\plugins/avgnpss.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
O1 HOSTS File: ([2012/02/13 19:18:35 | 000,440,549 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15168 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe (BillP Studios)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled [2011/09/01 03:51:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3C8F517-0E02-41EF-88B6-50CFBAF7D6D0}: NameServer = 68.105.28.11,68.105.28.12,68.105.29.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\DAD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/15 16:05:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
[2012/03/12 06:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2012/03/12 06:43:21 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\DAD\Desktop\MGADiag.exe
[2012/02/15 22:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/15 22:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/15 22:27:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\DAD\Desktop\erunt-setup.exe
[90 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/15 16:05:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
[2012/03/15 16:01:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 16:00:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 16:00:33 | 000,167,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 09:43:58 | 091,897,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/14 23:59:58 | 000,006,522 | ---- | M] () -- C:\Documents and Settings\DAD\My Documents\ALLLYRICSTODATE.RTF
[2012/03/13 15:59:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 06:44:12 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\DAD\Desktop\MGADiag.exe
[2012/03/10 19:08:25 | 000,879,700 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\SecurityCheck.exe
[2012/03/10 17:09:41 | 000,287,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/09 12:23:17 | 000,004,198 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\attach.zip
[2012/03/06 11:32:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/18 02:01:41 | 000,003,082 | ---- | M] () -- C:\Documents and Settings\DAD\My Documents\claimform.rtf
[2012/02/15 22:34:09 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\DAD\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/15 22:34:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\ERUNT.lnk
[2012/02/15 22:32:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\DAD\Desktop\erunt-setup.exe
[2012/02/14 18:07:40 | 000,463,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/14 18:07:40 | 000,079,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2012/03/10 19:08:14 | 000,879,700 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\SecurityCheck.exe
[2012/03/09 12:23:16 | 000,004,198 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\attach.zip
[2012/02/18 02:01:41 | 000,003,082 | ---- | C] () -- C:\Documents and Settings\DAD\My Documents\claimform.rtf
[2012/02/15 22:34:09 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\DAD\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/15 22:34:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\ERUNT.lnk
[2012/02/14 12:42:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/09 02:12:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/27 16:32:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011/05/28 00:47:06 | 000,037,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/30 11:53:26 | 000,166,400 | ---- | C] () -- C:\WINDOWS\System32\TridTray.exe
[2011/04/12 23:13:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/31 23:15:01 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
========== LOP Check ==========
[2011/04/21 18:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.DJJXF091\Application Data\Program Files
[2011/04/21 18:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.DJJXF091\Application Data\Windows Search
[2011/05/28 00:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
[2005/12/23 16:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2011/05/03 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2012/01/13 21:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/05/03 13:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/14 20:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/04/01 00:15:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/29 04:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cricket Broadband EC1705
[2011/04/21 18:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/09/23 14:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/04/02 02:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009/11/30 16:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/03/30 16:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/03/15 09:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/01 22:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/04/01 22:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2006/08/14 20:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2011/04/01 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/02 20:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/04/21 12:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/31 12:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/03 17:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/08 20:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/01 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\AVG10
[2012/01/13 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\AVG2012
[2011/08/04 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Canon
[2011/03/31 00:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\CheckPoint
[2011/11/07 22:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\gtk-2.0
[2009/12/01 10:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\IObit
[2006/01/01 18:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Leadertech
[2011/05/03 02:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\MOBILedit
[2006/05/21 15:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\MSNInstaller
[2011/03/29 04:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Program Files
[2005/12/23 19:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\QMCache
[2010/10/19 11:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Research In Motion
[2011/09/09 09:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Safer Networking
[2009/03/14 19:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Smith Micro
[2006/04/16 21:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Snapfish
[2011/05/03 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Sony
[2012/03/12 06:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\uTorrent
[2009/06/28 13:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Windows Desktop Search
[2009/07/03 18:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\Windows Search
[2011/04/02 02:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAD\Application Data\WinPatrol
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 3/15/2012 4:07:14 PM - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Documents and Settings\DAD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.24 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.97% Memory free
4.22 Gb Paging File | 3.63 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 10.93 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 160.22 Gb Free Space | 68.80% Space Free | Partition Type: NTFS
Computer Name: DJJXF091 | User Name: DAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
musicalpulltoy
2012-03-16, 02:06
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{296B2D8E-CE82-92AF-B2E8-937294733038}_is1" = NetAlyzer
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3134052E-B1F0-465C-B320-5042095B1033}" = Nero 7 Essentials
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99F0545E-D93D-481D-8088-7F50FD76DE55}" = Scrapbooks Plus Workshop
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D403FFC3-DED7-36DB-AC5C-2967541F32A8}" = Google Talk Plugin
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Halo" = Microsoft Halo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Rosetta Stone 2.1.4.1A" = Rosetta Stone 2.1.4.1A
"System Explorer_is1" = System Explorer 3.0.4
"Task Catcher" = Task Catcher
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/21/2011 4:31:25 AM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application wg111v3.exe, version 3.6.28.314, faulting module
dnsapi.dll, version 5.1.2600.2180, fault address 0x00005b87.
Error - 8/25/2011 12:27:22 AM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x000ec345.
Error - 8/27/2011 11:04:35 PM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 13.0.782.215, fault address 0x001123df.
Error - 8/29/2011 1:26:30 AM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.21.1, faulting module
objc.dll, version 1.435.16.1, fault address 0x000085f0.
Error - 8/30/2011 1:59:58 PM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application wg111v3.exe, version 3.6.28.314, faulting module
dnsapi.dll, version 5.1.2600.2180, fault address 0x000037bf.
Error - 9/5/2011 8:03:42 AM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application wg111v3.exe, version 3.6.28.314, faulting module
unknown, version 0.0.0.0, fault address 0x62206568.
Error - 9/5/2011 5:33:51 PM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application wg111v3.exe, version 3.6.28.314, faulting module
dnsapi.dll, version 5.1.2600.2180, fault address 0x00003ba8.
Error - 9/7/2011 2:02:02 PM | Computer Name = DJJXF091 | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: This operation returned because the timeout period expired.
Error - 9/7/2011 11:44:02 PM | Computer Name = DJJXF091 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.
Error - 9/16/2011 10:02:53 PM | Computer Name = DJJXF091 | Source = Application Error | ID = 1000
Description = Faulting application wg111v3.exe, version 3.6.28.314, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.
[ System Events ]
Error - 3/10/2012 12:39:08 AM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 3/10/2012 12:39:08 AM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 3/13/2012 4:35:10 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/13/2012 8:20:14 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058
Error - 3/13/2012 8:20:14 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7000
Description = The DCService.exe service failed to start due to the following error:
%%2
Error - 3/13/2012 8:20:14 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Kernel Wave Audio Mixer service failed to start due
to the following error: %%1058
Error - 3/14/2012 9:27:12 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7034
Description = The HTTP SSL service terminated unexpectedly. It has done this 1
time(s).
Error - 3/15/2012 10:07:06 AM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7034
Description = The HTTP SSL service terminated unexpectedly. It has done this 2
time(s).
Error - 3/15/2012 7:01:21 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058
Error - 3/15/2012 7:01:21 PM | Computer Name = DJJXF091 | Source = Service Control Manager | ID = 7000
Description = The DCService.exe service failed to start due to the following error:
%%2
< End of report >
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9DD2000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xB9C15000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB1651000 C:\WINDOWS\System32\vsdatant.sys 520192 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xB14FB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9AEF000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB18DA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF159000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB185B000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB030A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9D0F000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB18A2000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xB14BA000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB16F8000 C:\WINDOWS\system32\DRIVERS\wg111v3.sys 225280 bytes (Realtek Semiconductor Corporation , NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter NDIS Driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7419000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB156B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB16D0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9D63000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xB17F7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9CEB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9D9A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9CC8000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB15B8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB1596000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB06BB000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF7482000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB1946000 C:\WINDOWS\system32\drivers\InCDFs.sys 114688 bytes (Nero AG, InCD File System Driver)
0xF787D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74A2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB12CC000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7459000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9BFE000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0CDE000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB0A71000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9D4F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9DBE000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB1933000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7446000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7470000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9BED000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBFF40000 C:\WINDOWS\System32\s3legacy.dll 69632 bytes (Microsoft Corporation, S3 Display Driver)
0xB9D89000 C:\WINDOWS\system32\DRIVERS\s3legacy.sys 69632 bytes (Microsoft Corporation, s3 Miniport Driver)
0xF76B7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA71F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB9B7D000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xBA73F000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB9BDD000 C:\WINDOWS\System32\Drivers\DgiVecp.sys 61440 bytes (DeviceGuys, Inc., Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes)
0xBA6FF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB0BC6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB0AAE000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7557000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA74F000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7667000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9BCD000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA72F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7677000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB074B000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7567000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA70F000 C:\WINDOWS\system32\drivers\InCDRm.sys 36864 bytes (Nero AG, Nero MRW Filter Driver)
0xBA75F000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7547000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA76F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7537000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB9FD6000 C:\WINDOWS\system32\drivers\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xF775F000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm Browser Security)
0xF7777000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB9FF6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7717000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xB9FEE000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7757000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB9FDE000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB9FE6000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7747000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF778F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB9FFE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7767000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF780F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xF776F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7737000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF773F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB9FCE000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77E7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789B000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA7E0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB0E00000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7F8000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB0B92000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB1350000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7B0000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA7B8000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA57B000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xB0AA6000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA55B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7F0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA577000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA7FC000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF79E5000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
0xF79B3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798D000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79B7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79A9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79AB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A88000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AA6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A97000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [ipfilter.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [PTDUBus.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [StMp3Rec.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [PTDUVsp.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [PTDUMdm.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [PTDUWWAN.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2A59 [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB1919428-->B1677A3E [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB1919454-->B167724C [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB1919460-->B16773F6 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF753CB4C-->B1677A3E [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF753CB1C-->B16759A6 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF753CB3C-->B167724C [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF753CB28-->B16773F6 [vsdatant.sys]
[1372]winlogon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1372]winlogon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1372]winlogon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1372]winlogon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1372]winlogon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1372]winlogon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1372]winlogon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1372]winlogon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1372]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1420]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1420]services.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1420]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1420]services.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1420]services.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1420]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1420]services.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1420]services.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1420]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1432]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1432]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1432]lsass.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1432]lsass.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1432]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1432]lsass.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1432]lsass.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1432]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1592]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1592]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1592]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1592]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1592]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1592]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1592]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1592]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1592]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1680]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1680]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1680]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1680]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1680]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1680]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1680]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1680]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1680]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1860]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1860]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1860]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1860]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1860]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1860]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1860]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1860]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1860]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1904]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1904]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1904]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1904]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1904]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1904]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1904]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1904]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1904]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1948]searchindexer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1948]searchindexer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1948]searchindexer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1948]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00585C0C [mssrch.dll]
[1948]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1948]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1948]searchindexer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1948]searchindexer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1948]searchindexer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1948]searchindexer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1948]searchindexer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1948]searchindexer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[200]notepad.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[200]notepad.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[200]notepad.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[200]notepad.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[200]notepad.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[200]notepad.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[200]notepad.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[200]notepad.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[200]notepad.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[2164]WinPatrol.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[2164]WinPatrol.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[2164]WinPatrol.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[2164]WinPatrol.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[2164]WinPatrol.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[2164]WinPatrol.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[2164]WinPatrol.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[2164]WinPatrol.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[2164]WinPatrol.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[2240]ctfmon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[2240]ctfmon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[2240]ctfmon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[2240]ctfmon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[2240]ctfmon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[2240]ctfmon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[2240]ctfmon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[2240]ctfmon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[2240]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[2264]WG111v3.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[2264]WG111v3.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[2264]WG111v3.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[2264]WG111v3.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[2264]WG111v3.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[2264]WG111v3.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[2264]WG111v3.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[2264]WG111v3.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[2264]WG111v3.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[2300]taskmgr.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[2300]taskmgr.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[2300]taskmgr.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[2300]taskmgr.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[2300]taskmgr.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[2300]taskmgr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[2300]taskmgr.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[2300]taskmgr.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[2300]taskmgr.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[256]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[256]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[256]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[256]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[256]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[256]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[256]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[256]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[256]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[2888]alg.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[2888]alg.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[2888]alg.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[2888]alg.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[2888]alg.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[2888]alg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[2888]alg.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[2888]alg.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[2888]alg.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[312]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[312]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[312]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[312]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[312]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[312]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[312]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[312]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[312]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[3196]notepad.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[3196]notepad.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[3196]notepad.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[3196]notepad.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[3196]notepad.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[3196]notepad.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[3196]notepad.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[3196]notepad.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[3196]notepad.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[428]ForceField.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[428]ForceField.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[428]ForceField.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[428]ForceField.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->209F37DD [ISWDMP.dll]
[428]ForceField.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[428]ForceField.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[428]ForceField.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[428]ForceField.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump 0x7E4242A8-->20CB9270 [ISWSHEX.dll]
[428]ForceField.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[460]notepad.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[460]notepad.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[460]notepad.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[460]notepad.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[460]notepad.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[460]notepad.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[460]notepad.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[460]notepad.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[460]notepad.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[716]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[716]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[716]explorer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[716]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[716]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[716]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[716]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[716]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->5CB77774 [shimeng.dll]
[716]explorer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[716]explorer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[716]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[716]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[716]explorer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[716]explorer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[716]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[716]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[716]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[716]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[736]jqs.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[736]jqs.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[736]jqs.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[736]jqs.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[736]jqs.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[736]jqs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[736]jqs.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[736]jqs.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[736]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[924]mdm.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[924]mdm.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[924]mdm.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[924]mdm.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[924]mdm.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[924]mdm.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[924]mdm.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[924]mdm.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[924]mdm.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[984]ISWSVC.exe-->advapi32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77DD10CC-->10009EF0 [vsinit.dll]
[984]ISWSVC.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->100020F0 [vsinit.dll]
[984]ISWSVC.exe-->kernel32.dll+0x00002804, Type: Code Mismatch 0x7C802804 + 10244 [F8 41 08]
[984]ISWSVC.exe-->kernel32.dll+0x00002C2C, Type: Code Mismatch 0x7C802C2C + 11308 [EE 41 08]
[984]ISWSVC.exe-->kernel32.dll+0x00002C38, Type: Code Mismatch 0x7C802C38 + 11320 [F3 41 08]
[984]ISWSVC.exe-->kernel32.dll+0x00003330, Type: Inline - RelativeJump 0x7C803330-->18803B76 [unknown_code_page]
[984]ISWSVC.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[984]ISWSVC.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump 0x7E4242A8-->20CB9270 [ISWSHEX.dll]
[984]ISWSVC.exe-->wininet.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x3D931370-->7C8841F8 [kernel32.dll]
[984]ISWSVC.exe-->wininet.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x3D9313DC-->7C8841EE [kernel32.dll]
[984]ISWSVC.exe-->wininet.dll-->kernel32.dll-->GetModuleHandleW, Type: IAT modification 0x3D9313E4-->7C8841F3 [kernel32.dll]
[984]ISWSVC.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x3D931444-->7C8841E9 [kernel32.dll]
[984]ISWSVC.exe-->ws2_32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71AB10AC-->7C8841F8 [kernel32.dll]
[984]ISWSVC.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71AB10DC-->7C8841E9 [kernel32.dll]
Scolabar
2012-03-17, 07:07
Hi musicalpulltoy,
Thank you for the logs and feedback. :)
I think the active security tools may have caused the Rootkit UnHooker tool to produce false results.
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Temporarily Disable Active Security Tools
Please can you temporarily disable WinPatrol and Zone Alarm. If required, please refer to the following reference to achieve this:
Disable WinPatrol
Right-click on the WinPatrol (Scotty the dog) icon in the sytem tray.
Then select Exit Program.
Disable ZoneAlarm
Right-click on the ZoneAlarm icon in the sytem tray and select Shutdown ZoneAlarm.
An pop-up ZoneAlarm alert window will appear. Click on the Yes button to confirm the closure of the ZoneAlarm program
Note: Don't forget to re-enable WinPatrol and ZoneAlarm afterwards. To do this, simply relaunch the both of the programs or restart the computer.
Step 2:
Rootkit UnHooker
Then run the Rootkit UnHooker tool again and post back the contents of the log file.
Step 3:
Include in Next Post
Did you have any problems carrying out the instructions?
Report.txt.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-17, 10:48
hiya
had exit both ZA dont have a shutdown option.
AVG has no resident shield and popped up with "spr/tool.xooba.a" moved it to vault.
supose i have to do it again?
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9F0F000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xB9D52000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB188C000 C:\WINDOWS\System32\vsdatant.sys 520192 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xB168F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9C2C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB1A3E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF159000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB19BF000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB0089000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9E4C000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB1A06000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xB12C4000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 225280 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB1AE6000 C:\WINDOWS\system32\DRIVERS\wg111v3.sys 225280 bytes (Realtek Semiconductor Corporation , NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter NDIS Driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7419000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB16FF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB190B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9EA0000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xB1999000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9E28000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9ED7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9E05000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB174C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB172A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB0412000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF7482000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB1AAA000 C:\WINDOWS\system32\drivers\InCDFs.sys 114688 bytes (Nero AG, InCD File System Driver)
0xF787D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74A2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB1073000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7459000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9D3B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0A85000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB0818000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9E8C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9EFB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB1A97000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7446000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7470000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9D2A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBFF40000 C:\WINDOWS\System32\s3legacy.dll 69632 bytes (Microsoft Corporation, S3 Display Driver)
0xB9EC6000 C:\WINDOWS\system32\DRIVERS\s3legacy.sys 69632 bytes (Microsoft Corporation, s3 Miniport Driver)
0xB9C9A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA6FA000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB9CEA000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xBA71A000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7557000 C:\WINDOWS\System32\Drivers\DgiVecp.sys 61440 bytes (DeviceGuys, Inc., Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes)
0xBA6DA000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB17C7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB07AA000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7587000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 53248 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA72A000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7667000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7507000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA70A000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7677000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76B7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB0011000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA6EA000 C:\WINDOWS\system32\drivers\InCDRm.sys 36864 bytes (Nero AG, Nero MRW Filter Driver)
0xBA73A000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7577000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7527000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7567000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA05F000 C:\WINDOWS\system32\drivers\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xF774F000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm Browser Security)
0xF777F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA07F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7717000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA077000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF775F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA067000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA06F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7747000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7787000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA087000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF776F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF772F000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xF7777000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7737000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF773F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA057000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77EF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789B000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA7DC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB0BAF000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7F4000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB091D000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 12288 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9C1C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA7B4000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA56C000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xB092D000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7927000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7EC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA568000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA7FC000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF79F7000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
0xF79B9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7997000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79BD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A98000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB12B2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA260000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [ipfilter.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [PTDUBus.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [StMp3Rec.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [PTDUVsp.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [PTDUMdm.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [PTDUWWAN.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B888, Type: Inline - RelativeJump 0x804E2888-->804E2818 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2B09 [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: Inline - RelativeJump 0x806C5F1A-->806C5F8D [ntoskrnl.exe]
ntoskrnl.exe-->KeFindConfigurationEntry, Type: Inline - RelativeCall 0x806C5F22-->F76C5F34 [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB1A7D428-->B18B2A3E [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB1A7D454-->B18B224C [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB1A7D460-->B18B23F6 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF756CB4C-->B18B2A3E [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF756CB1C-->B18B09A6 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF756CB3C-->B18B224C [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF756CB28-->B18B23F6 [vsdatant.sys]
[1276]mdm.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1276]mdm.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1276]mdm.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1276]mdm.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1276]mdm.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1276]mdm.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1276]mdm.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1276]mdm.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1276]mdm.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1364]winlogon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1364]winlogon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1364]winlogon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1364]winlogon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1364]winlogon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1364]winlogon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1364]winlogon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1364]winlogon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1364]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1412]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1412]services.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1412]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1412]services.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1412]services.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1412]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1412]services.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1412]services.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1412]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1424]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1424]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1424]lsass.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1424]lsass.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1424]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1424]lsass.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1424]lsass.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1424]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1592]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1592]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1592]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1592]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1592]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1592]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1592]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1592]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1592]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1648]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1648]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1648]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1648]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1648]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1648]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1648]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1648]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1648]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1744]searchindexer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1744]searchindexer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1744]searchindexer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1744]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00585C0C [mssrch.dll]
[1744]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1744]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1744]searchindexer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1744]searchindexer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1744]searchindexer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1744]searchindexer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1744]searchindexer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1744]searchindexer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1776]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1776]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1776]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1776]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1776]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1776]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1776]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1776]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1776]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1816]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1816]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1816]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1816]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1816]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1816]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1816]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1816]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1816]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[1852]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[1852]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[1852]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[1852]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[1852]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[1852]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[1852]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[1852]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[1852]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[212]ctfmon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[212]ctfmon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[212]ctfmon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[212]ctfmon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[212]ctfmon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[212]ctfmon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[212]ctfmon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[212]ctfmon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[212]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[2184]taskmgr.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[2184]taskmgr.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[2184]taskmgr.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[2184]taskmgr.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[2184]taskmgr.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[2184]taskmgr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[2184]taskmgr.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[2184]taskmgr.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[2184]taskmgr.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[220]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[220]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[220]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[220]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[220]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[220]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[220]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[220]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[220]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[308]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[308]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[308]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[308]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[308]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[308]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[308]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[308]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[308]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[3092]WG111v3.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[3092]WG111v3.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[3092]WG111v3.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[3092]WG111v3.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[3092]WG111v3.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[3092]WG111v3.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[3092]WG111v3.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[3092]WG111v3.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[3092]WG111v3.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[648]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[648]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[648]explorer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[648]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[648]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[648]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[648]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[648]explorer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[648]explorer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[648]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[648]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[648]explorer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[648]explorer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[648]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[648]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[648]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[648]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[768]jqs.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->20CB8E5D [ISWSHEX.dll]
[768]jqs.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->20CB9036 [ISWSHEX.dll]
[768]jqs.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[768]jqs.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->20CB8791 [ISWSHEX.dll]
[768]jqs.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->20CB8D58 [ISWSHEX.dll]
[768]jqs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->20CB89AB [ISWSHEX.dll]
[768]jqs.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->20CB828F [ISWSHEX.dll]
[768]jqs.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->20CB825A [ISWSHEX.dll]
[768]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->20CB835C [ISWSHEX.dll]
[972]ISWSVC.exe-->advapi32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77DD10CC-->10009EF0 [vsinit.dll]
[972]ISWSVC.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->100020F0 [vsinit.dll]
[972]ISWSVC.exe-->kernel32.dll+0x00002804, Type: Code Mismatch 0x7C802804 + 10244 [F8 41 08]
[972]ISWSVC.exe-->kernel32.dll+0x00002C2C, Type: Code Mismatch 0x7C802C2C + 11308 [EE 41 08]
[972]ISWSVC.exe-->kernel32.dll+0x00002C38, Type: Code Mismatch 0x7C802C38 + 11320 [F3 41 08]
[972]ISWSVC.exe-->kernel32.dll+0x00003330, Type: Inline - RelativeJump 0x7C803330-->18803B76 [unknown_code_page]
[972]ISWSVC.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->20CB846C [ISWSHEX.dll]
[972]ISWSVC.exe-->mswsock.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71A51160-->7C8841F8 [kernel32.dll]
[972]ISWSVC.exe-->mswsock.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71A510BC-->7C8841E9 [kernel32.dll]
[972]ISWSVC.exe-->user32.dll+0x000142A8, Type: Inline - RelativeJump 0x7E4242A8-->20CB9270 [ISWSHEX.dll]
[972]ISWSVC.exe-->wininet.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x3D931370-->7C8841F8 [kernel32.dll]
[972]ISWSVC.exe-->wininet.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x3D9313DC-->7C8841EE [kernel32.dll]
[972]ISWSVC.exe-->wininet.dll-->kernel32.dll-->GetModuleHandleW, Type: IAT modification 0x3D9313E4-->7C8841F3 [kernel32.dll]
[972]ISWSVC.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x3D931444-->7C8841E9 [kernel32.dll]
[972]ISWSVC.exe-->ws2_32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71AB10AC-->7C8841F8 [kernel32.dll]
[972]ISWSVC.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71AB10DC-->7C8841E9 [kernel32.dll]
Scolabar
2012-03-18, 09:14
Hi musicalpulltoy,
OK, let's try a different tack. ;)
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
MBRCheck - Scan
Let's see if we can get some more information on this MBR infection.
Please download MBRCheck.exe (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) © a_d_13 to your Desktop.
Alternate links: Link 2 (http://ad13.geekstogo.com/MBRCheck.exe) or Link 3 (http://www.kernelmode.info/MBRCheck.exe)
Double-click on MBRCheck.exe to launch the program.
A small black window will open with some information. Please do not fix anything (- if it gives you an option).
If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
When the scan has completed you should see the message Done! Press ENTER to exit... Press Enter to exit the program.
A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.
Step 2:
GMER
Please Note: The downloaded file will have a random filename. This prevents malware from detecting and blocking it.
Please download GMER ... random named.exe (http://www2.gmer.net/download.php) by GMER. An alternative (zip file) download is available here (http://www2.gmer.net/gmer.zip).
IMPORTANT: Do not run any programs while GMER is running.
CAUTION: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.
Double click on the random named.exe to execute. If asked, allow the gmer.sys driver to load.
If it gives you a warning about rootkit activity and asks if you want to run a scan click on NO. <--- Important!
On the right side panel, several boxes have been checked. Please UNCHECK the following: (See image below.)
IAT/EAT
Drives/Partition other than Systemdrive (typically C: drive)
Show All <-- don't miss this one
http://i28.photobucket.com/albums/c227/tetonbob/gmer_th.gif (http://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif)
Click on image to enlarge
If you don't get a warning, then click on the Rootkit/Malware tab at the top of the GMER window.
Click on the Scan button.
Once the scan has finished, click on Save. The Save window will open.
Save the scan results as ark.txt to your Desktop.
Double-click on the ark.txt file on the Desktop to open it in Notepad.
Copy and Paste the entire contents of ark.txt into your next reply.
Step 3:
Include in Next Post
Did you have any problems carrying out the instructions?
MBRCheck_mm.dd.yy_hh.mm.ss.txt.
ark.txt.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-18, 13:30
howdy
no problems.
maybe this helps "C:\WINDOWS\system32\01BA7819.exe" is what scotty said wanted to be a start up program more then once.
its in the vault now.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000034
Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF74D9000 pcmcia.sys
0xF7607000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF74A2000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7482000 fltmgr.sys
0xF7470000 sr.sys
0xF7647000 PxHelp20.sys
0xF7459000 KSecDD.sys
0xF7446000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7419000 NDIS.sys
0xF787D000 Mup.sys
0xF7717000 avgrkx86.sys
0xF789B000 AVGIDSEH.Sys
0xBA7FC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xBA73A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9F0F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB9EFB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA087000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9ED7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA07F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9EC6000 \SystemRoot\system32\DRIVERS\s3legacy.sys
0xB9EA0000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xBA077000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA72A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA06F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA71A000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA7F4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9E8C000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA70A000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA6FA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA067000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA05F000 \SystemRoot\system32\drivers\InCDPass.sys
0xBA6EA000 \SystemRoot\system32\drivers\InCDRm.sys
0xB9E4C000 \SystemRoot\system32\drivers\smwdm.sys
0xB9E28000 \SystemRoot\system32\drivers\portcls.sys
0xBA6DA000 \SystemRoot\system32\drivers\drmk.sys
0xB9E05000 \SystemRoot\system32\drivers\ks.sys
0xB9D52000 \SystemRoot\system32\drivers\senfilt.sys
0xF7A98000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7667000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9D3B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7677000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7687000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA057000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9D2A000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7697000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7737000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF773F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7747000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79AF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9C2C000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7DC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76B7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA7B4000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA574000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB1AE6000 \SystemRoot\system32\DRIVERS\wg111v3.sys
0xF7587000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF79B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA260000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF776F000 \SystemRoot\System32\drivers\vga.sys
0xF79BB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79BD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA56C000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB1AAA000 \SystemRoot\system32\drivers\InCDFs.sys
0xF7777000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF777F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA568000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1A97000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB1A3E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1A06000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xB19BF000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xB1999000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7577000 \SystemRoot\system32\drivers\ip6fw.sys
0xF7567000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB190B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB188C000 \SystemRoot\System32\vsdatant.sys
0xF7927000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB174C000 \SystemRoot\System32\drivers\afd.sys
0xF7527000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB172A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7787000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB16FF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB168F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7507000 \SystemRoot\System32\Drivers\Fips.SYS
0xB12C4000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xB9C9A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB1073000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7997000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9C1C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77EF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB12B2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF40000 \SystemRoot\System32\s3legacy.dll
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF159000 \SystemRoot\System32\ATMFD.DLL
0xF781F000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB0A85000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xB9CEA000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xB0BAF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF774F000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB0818000 \SystemRoot\system32\drivers\wdmaud.sys
0xB17C7000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79F7000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xB091D000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xF7557000 \SystemRoot\System32\Drivers\DgiVecp.sys
0xB092D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB07AA000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF772F000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xB0412000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB0089000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 37):
0 System Idle Process
4 System
1044 C:\WINDOWS\system32\smss.exe
1108 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
1140 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
1340 csrss.exe
1364 C:\WINDOWS\system32\winlogon.exe
1412 C:\WINDOWS\system32\services.exe
1424 C:\WINDOWS\system32\lsass.exe
1592 C:\WINDOWS\system32\svchost.exe
1648 svchost.exe
1816 C:\WINDOWS\system32\svchost.exe
1852 C:\WINDOWS\system32\svchost.exe
220 svchost.exe
308 svchost.exe
972 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
648 C:\WINDOWS\explorer.exe
684 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
768 C:\Program Files\Java\jre7\bin\jqs.exe
1276 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
132 C:\Program Files\AVG\AVG2012\avgnsx.exe
1744 C:\WINDOWS\system32\searchindexer.exe
152 C:\Program Files\AVG\AVG2012\avgtray.exe
212 C:\WINDOWS\system32\ctfmon.exe
820 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
2184 C:\WINDOWS\system32\taskmgr.exe
3092 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
3772 C:\Program Files\Mozilla Firefox\firefox.exe
3308 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
3012 C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
1788 C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
2828 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
628 C:\Program Files\Internet Explorer\iexplore.exe
3336 C:\Program Files\Internet Explorer\iexplore.exe
2464 C:\Program Files\Windows NT\Accessories\wordpad.exe
1332 C:\WINDOWS\system32\charmap.exe
3936 C:\Documents and Settings\DAD\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST340014A, Rev: 8.16
PhysicalDrive1 Model Number: ST3250824A, Rev: 3.AAE
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-18 03:56:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.8.16
Running: tttbrg75.exe; Driver: C:\DOCUME~1\DAD\LOCALS~1\Temp\kxlyapog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB18AD2F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB18A75CA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB18C658A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB18ADA80]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB18ADBB6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB18A81E0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB18C7E3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB18C77B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB18C8794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB18C899C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB18A7DF2]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB091DF3C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB18C972A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB18C9060]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB18ACEC4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB18CA0FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB18A85A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB18C9C6A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB18C6F72]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB091DFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB091E080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB091E11C]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9DD6F80]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[308] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\Explorer.EXE[648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] user32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Java\jre7\bin\jqs.exe[768] user32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[972] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[972] USER32.dll!DefDlgProcW + 56E 7E4242A8 5 Bytes JMP 20CB9270 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\services.exe[1412] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\SearchIndexer.exe[1744] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\WINDOWS\system32\svchost.exe[1852] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[3092] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] ntdll.dll!NtAccessCheckByType 7C90CE8E 5 Bytes JMP 20CB8791 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] ntdll.dll!NtImpersonateClientOfPort 7C90D3FE 5 Bytes JMP 20CB8D58 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 20CB89AB C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] kernel32.dll!OpenProcess 7C8309E9 5 Bytes JMP 20CB846C C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 20CB828F C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 20CB825A C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] ADVAPI32.dll!ImpersonateNamedPipeClient 77DD7426 5 Bytes JMP 20CB8E5D C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
.text C:\Documents and Settings\DAD\Desktop\tttbrg75.exe[3952] ADVAPI32.dll!SetThreadToken 77DDF193 5 Bytes JMP 20CB9036 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (ZoneAlarm Browser Security/Check Point Software Technologies)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat AF920D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- EOF - GMER 1.0.15 ----
Scolabar
2012-03-19, 13:12
Hi musicalpulltoy,
Thank you for the logs and feedback.
C:\WINDOWS\system32\89F5848D.exe and C:\WINDOWS\system32\01BA7819.exe are legitimate files created by Rootkit UnHooker when you ran the tool.
If you run the tool again another such file will be created and an alert to allow the associated service will pop-up. There's no harm done, though. ;)
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
ERUNT - Emergency Recovery Utility NT
I notice you already have ERUNT installed on your system. Let's backup the Registry before we go any further. ;)
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
ERUNT (Emergency Recovery Utility NT) by Lars Hederer is a free program that allows you to create a complete backup of your registry and restore it when needed.
Double-click on the ERUNT desktop icon to run the program.
Click on the OK button in the Welcome! screen.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT\DD-MM-YYYY (where DD-MM-YYYY is the date of the backup) which is fine.
under Backup options make sure both of the first two options: System registry and Current user registry are checked.
Click on the Yes button to allow the folder to be created.
After a short duration the Registry backup is complete! pop-up message will appear.
Now click on OK. A registry backup has now been created.
< STOP > If you are unable to complete this step successfully, < STOP > do not continue with any fix steps, let me know immediately in your next post!
Step 2:
Uninstall Programs
Select Start > Control Panel > Add/Remove Programs.
Scroll down the list of installed programs and select the following program:
ZoneAlarm Security Toolbar
Click on the Remove button to uninstall the program.
Click on the Yes button at the prompt.
Close the Add/Remove Programs control panel when the removal has been completed.
Step 3:
Temporarily Disable Active Security Tools
Please temporarily disable your real-time security protection using the instructions provided previously before continuing.
Step 4:
OTL - Script
Double-click on OTL.exe. If you receive a UAC prompt, please allow it.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code.
:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92822879073603948
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.8.0.8
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2011/11/23 16:09:25 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\conduit.xml
[2011/08/26 23:22:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\MyStart Search.xml
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled [2011/09/01 03:51:19 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
:files
C:\Documents and Settings\All Users\Application Data\Authentium
C:\Documents and Settings\All Users\Application Data\IObit
C:\Documents and Settings\All Users\Application Data\PC-Doctor
C:\Documents and Settings\All Users\Application Data\PCDr
C:\Documents and Settings\DAD\Application Data\AVG10
C:\Documents and Settings\DAD\Application Data\IObit
C:\Documents and Settings\DAD\Application Data\uTorrent
:commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]
[REBOOT]
Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
Step 5:
Include in Next Post
Did you have any problems carrying out the instructions?
OTL Fix Log.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-19, 20:58
helllo
no problems encountered.
will this put me in control of iexplorer now? (flashplayer will not instal)
that must have reset firefox too.
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry value HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
File C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll not found.
Registry key HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0 removed from extensions.enabledItems
Prefs.js: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.8.0.8 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\searchplugin folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\modules folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\META-INF folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\defaults folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\chrome folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} folder moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\MyStart Search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
File C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
File C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll not found.
Registry value HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
File C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq44.tmp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq43.tmp\root\magnet10 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq43.tmp\root folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq43.tmp\.NetworkShare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq43.tmp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Authentium folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit\IObit Security 360 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC-Doctor\certs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PC-Doctor folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PCDr folder moved successfully.
C:\Documents and Settings\DAD\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\DAD\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\DAD\Application Data\IObit\IObit SmartDefrag folder moved successfully.
C:\Documents and Settings\DAD\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Documents and Settings\DAD\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Documents and Settings\DAD\Application Data\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\DAD\Application Data\IObit folder moved successfully.
C:\Documents and Settings\DAD\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\DAD\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\DAD\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator.DJJXF091
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: DAD
->Temp folder emptied: 7736678 bytes
->Temporary Internet Files folder emptied: 1358879 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65920565 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 615 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 990424 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 1985256 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1130008 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 78066972 bytes
Total Files Cleaned = 150.00 mb
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.37.1 log created on 03192012_114041
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Scolabar
2012-03-20, 10:59
Hi musicalpulltoy,
Thank you for the log file and feedback. :)
Let's try resetting both web browsers (- and updating Firefox) and see if that resolves your Flash Player installation issue.
Please Note: There are separate Flash Player installers Internet Explorer and all other browsers, if you are not already aware. ;)
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Browser Reset - Internet Explorer
Let's Reset Internet Explorer to see if this helps improve things.
Launch Internet Explorer.
Under the Tools menu, click on Internet Options.
In the pop-up Internet Options window, click on the Advanced tab and then click on the Reset button.
Tick the Delete Personal Settings option.
Then click on the Reset button to process the browser reset.
When complete, click the Close button.
Click on the OK button in the Internet Explorer restart reminder window.
Restart Internet Explorer.
Note: A visual step by step guide is available here (http://support.microsoft.com/kb/318378), if required.
Step 2:
Browser Reset - FireFox
Click on Start > Run...
Enter the following command:
firefox.exe -safe-mode
Then click on the OK button.
In the open window, tick the Reset all preferences to default Firefox option.
Click on the Make the changes and restart button.
After FireFox restarts click on the Help menu, select Check for Updates... and allow Firefox to process any updates it finds.
Step 3:
Update FireFox
The version of Firefox installed on your computer is very out-of-date - version 3.6.12.
I strongly advise that you install the latest available verion of the program for your operating system. The latest currently available version is version 11.0.
The latest version can be downloaded from Here (http://www.mozilla.org/en-US/firefox/all.html).
Step 4:
DNS Flush
Now let's flush the DNS on the computer:
Click on Start > Run.
Enter the following command:
cmd
Then click on the OK button.
A black Command window will now open.
Please enter after the command prompt - it may appear as:
C:\> or C:\path to user account\>
the following text in that window:
ipconfig /flushdns
Then press Enter to process the command.
When then command prompt reappears Close the Command window.
Step 5:
Malwarebytes' Anti-Malware
I notice you already have this program installed on your computer. ;)
Let's check for updates and run the program.
Please save any items you have been working on and close any open programs. You may be asked to reboot your machine.
Launch Malwarebytes' Anti-Malware
You will be asked to update the program before performing a scan. Please do so.
If an update is found, the program will automatically downoad and install the update.
Click on the OK button to close that box and continue.
If you have any problems downloading updates download them manually from here (http://data.mbamupdates.com/tools/mbam-rules.exe) and double-click on mbam-rules.exe to complete the installation.
On the Scanner tab:
Make sure the Perform quick scan option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and then click on the Start Scan button.
The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will be displayed saying The scan completed successfully. Click 'Show Results' to display all objects found.
Click on the OK button to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder and then click on the Remove Selected button.
The System Volume Information items will be taken care of later.
When the removal has been completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below).
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either prompt and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 6:
Include in Next Post
Did you have any problems carrying out the instructions?
Did the browser reset resolve the Flash Player installation issue?
mbam-log-date (time).txt.
How is the computer now running?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-21, 04:50
helloo
all went smooth ieplorer flash player works.
didnt update firefox.
the site i mostly use it for the older version allows option the newer doesnt.
pc has been running without the lag (except iexplorer which is their factory defect)
mbam had no select drives option, thjought it should..
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.21.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DAD :: DJJXF091 [administrator]
3/20/2012 7:12:38 PM
mbam-log-2012-03-20 (19-12-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222105
Time elapsed: 12 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
musicalpulltoy
2012-03-21, 04:55
oops
forgot this happened when opening firefox after last instructions.
warning unresponsive script
A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.
Script: file:///C:/Program%20Files/Mozilla%20Firefox/components/nsAddonRepository.js:342
Scolabar
2012-03-21, 15:44
Hi musicalpulltoy,
Thank you for the log file and feedback, once again.
Regarding the Firefox unresponsive script warning, this Mozilla Help Page (http://support.mozilla.org/en-US/kb/Warning%20Unresponsive%20script) will help to provide a better understanding of the causes as well as possible solutions to such issues.
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Re-Run ERUNT
Please backup the registry with ERUNT again before proceeding with the rest of the instructions.
Step 2:
Java Runtime Environment Update Needed!
Your Java Runtime Environment is out of date. The latest currently available version is Java 7 Update 3.
The program can be updated simply by using the Java control panel.
Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup).
Then under the Update tab click on the Update Now button.
The update process should then commence.
Note: There may be a short delay before the Update window appears. Please be patient.
Just follow the prompts to complete the update.
Repeat the instructions no further updates are available.
Step 3:
ESET NOD32 Online Scan
Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then double-click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner (http://www.eset.com/us/online-scanner/run) - © ESET (All Rights Reserved) to run an online scan.
** Make sure you are using an account that has Administrative privileges **
Click on the ESET Online Scanner button.
Check the box next to "YES, I accept the Terms of Use."
Click Start.
A window will open. It may appear nothing is happening, but please be patient.
Click Yes to the run ActiveX prompt.
Click Install at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click on the Start button.
Make sure that the options:
Remove found threats is UNCHECKED
Leave the "default" settings under Advanced as they are. If not set, please check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click on the Start button.
ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
Copy and Paste the entire contents of log.txt into your next reply.
Remember to re-enable your Anti-virus protection before continuing!
Step 4:
Include in Next Post
Did you have any problems carrying out the instructions?
log.txt.
How is the computer now running?
Scolabar
musicalpulltoy
2012-03-22, 15:18
hi
java says its up to date.
in the past it had to be unistalled before getting latest.
Scolabar
2012-03-23, 09:06
Hi musicalpulltoy,
It is not not uncommon for the Java update utility to erroneously report that the program is up-to-date. ;)
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Check Java RE Version
You can check the version as follows:
Select Start > Control Panel > Programs.
Double-click on the Java icon.
Then under the General tab click on the About... button.
Please post the version and build that is displayed in the pop-up window in your next reply.
If the version reported is Version 7 Update 3 please continue with Step 3 below.
Otherwise, please continue as follows:
Step 2:
Java Runtime Environment Update Needed!
Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:
Attention: Print these instructions or copy them. You will be closing your browser!!
DOWNLOAD UPDATED VERSION:
Get the latest version of Java Runtime Environment (JRE) (http://www.oracle.com/technetwork/java/javase/downloads/index.html) © Oracle Corporation.
Look for Java SE 7u3.
Click on the JRE Download button to the right.
Then check the Accept License Agreement option.
Locate the entry for Windows x86 (32-bit) Offline, click on the file name jre-7u3-windows-i586.exe and save the file to your Desktop.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!
REMOVE OLD JAVA VERSIONS:
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel > Programs.
Depending on your current view setting, then:
Double-click on Programs and Features.
Under Programs, click on Uninstall a program and remove all older versions of Java as follows:
Scroll down to locate the following program(s):
Java(TM) 7
Select the program and click on Uninstall to uninstall it.
When finished Close the Control Panel window.
Delete Old Java Folder
Click on Start > Computer.
Then navigate to and find the following folder: if found, delete it.
It is possible it may have been removed by the uninstall steps.
C:\Program Files\Java\ <==== delete this entire folder
When finished, Close and Exit Explorer.
INSTALL UPDATED VERSION:
Close all open applications (standard), especially your browser.
From the Desktop double-click on jre-7u3-windows-i586.exe to install the latest version.
Follow the on-screen instructions. When the installation has completed successfully, Reboot your computer normally.
Once the computer has been restarted, you can delete the downloaded installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time:
Click on Start > Control Panel > Programs and then click on the JAVA icon.
Click on the Update tab and UNCHECK the Check for Updates Automatically option. (You can check for updates manually.)
Reply Never Check to the warning prompt.
Now click on the Advanced tab and then click on the [+] to expand the Miscellaneous options.
UNCHECK the Java Quick Starter option.
Click on the Apply button and then the OK button to save the changes.
Then Close the Java Control Panel and Close and Exit Control Panel.
Step 3:
ESET NOD32 Online Scan
Please complete the instructions to perform an ESET Online Scan ad return the conents of the log file as provided in my last post.
Step 4:
Include in Next Post
Did you have any problems carrying out the instructions?
What is the version and build of your existing Java Runtime Environment installation?
log.txt.
How is the computer now running?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-24, 00:02
OMG
5 bugs!
java went ok , old version. version 7 (build 1.7.0-b147)
i had to shred files before i could delete java folder which brings to mind the lack of control over changes made to windows on restart it reverts back to old settings.
now the internet connection is visable in task bar, properties showed connections for a few skype, MANY teredo, 1 xbox.
these are not mine. (i connect through a neighbor sshh) deleted them but expect them to return.
firefox crashed first try to get eset scan.
scan ran fine.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:27:46
# local_time=2011-08-05 09:27:46 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695383 57695383 0 0
# compatibility_mode=1032 16777189 100 96 0 54898058 0 0
# compatibility_mode=3073 16777213 80 75 0 3864752 0 0
# compatibility_mode=8192 67108863 100 0 8844948 8844948 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:37:59
# local_time=2011-08-05 09:37:59 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695996 57695996 0 0
# compatibility_mode=1032 16777189 100 96 0 54898671 0 0
# compatibility_mode=3073 16777213 80 75 0 3865365 0 0
# compatibility_mode=8192 67108863 100 0 8845561 8845561 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 08:14:43
# local_time=2011-08-05 01:14:43 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57699660 57699660 0 0
# compatibility_mode=1032 16777189 100 96 0 54902335 0 0
# compatibility_mode=3073 16777213 80 75 0 3869029 0 0
# compatibility_mode=8192 67108863 100 0 8849225 8849225 0 0
# scanned=84663
# found=2
# cleaned=2
# scan_time=9363
C:\Documents and Settings\DAD\Desktop\sdsdSDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-04 06:22:14
# local_time=2011-09-04 11:22:14 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 60284175 60284175 0 0
# compatibility_mode=1032 16777189 100 96 0 57486850 0 0
# compatibility_mode=8192 67108863 100 0 11433740 11433740 0 0
# compatibility_mode=9217 16777214 75 70 0 13793770 0 0
# scanned=87571
# found=1
# cleaned=0
# scan_time=10101
E:\My Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 04:05:55
# local_time=2012-02-10 09:05:55 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 74018595 74018595 0 0
# compatibility_mode=1024 16777191 100 0 2321829 2321829 0 0
# compatibility_mode=8192 67108863 100 0 25168160 25168160 0 0
# compatibility_mode=9217 16777214 75 4 6708834 6708834 0 0
# scanned=95468
# found=0
# cleaned=0
# scan_time=5160
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-23 09:32:04
# local_time=2012-03-23 02:32:04 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 77666727 77666727 0 0
# compatibility_mode=1024 16777191 100 0 5969961 5969961 0 0
# compatibility_mode=8192 67108863 100 0 28816292 28816292 0 0
# compatibility_mode=9217 16777214 75 4 10356966 10356966 0 0
# scanned=95073
# found=5
# cleaned=0
# scan_time=5334
C:\Documents and Settings\Administrator.DJJXF091\Desktop\SmitfraudFix.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator.DJJXF091\Desktop\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator.DJJXF091\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
E:\MOVED DESKTOP\cnet_aports_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
E:\My Downloads\64soundmax 64cnet_40k8511_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
musicalpulltoy
2012-03-24, 00:04
oh yea....it seems be running little better
Scolabar
2012-03-24, 10:21
Hi musicalpulltoy,
Thank you for the log and update.
oh yea....it seems be running little better That's good news. :bigthumb:
A number of those ESET detections will be dealt with as part of the final instructions I provide.
In the meantime, again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Temporarily Disable Active Security Tools
Please temporarily disable your real-time security protection using the instructions provided previously before continuing.
Step 2:
OTL - Script
Double-click on OTL.exe. If you receive a UAC prompt, please allow it.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code.
:files
E:\MOVED DESKTOP\cnet_aports_zip.exe
E:\My Downloads\64soundmax 64cnet_40k8511_zip.exe
:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[REBOOT]
Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
Remember to re-enable your real-time security protection.
Step 3:
Include in Next Post
Did you have any problems carrying out the instructions?
OTL Fix Log.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-24, 19:50
hello
all went smooth.
All processes killed
========== FILES ==========
E:\MOVED DESKTOP\cnet_aports_zip.exe moved successfully.
E:\My Downloads\64soundmax 64cnet_40k8511_zip.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator.DJJXF091
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: DAD
->Temp folder emptied: 3340012 bytes
->Temporary Internet Files folder emptied: 12891474 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49786143 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 990152 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 995304 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1132540 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 66.00 mb
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.37.1 log created on 03242012_103929
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Scolabar
2012-03-25, 13:19
Hi musicalpulltoy,
Congratulations! I can now confirm that your system now appears to be clean. :2thumb:
Now that your computer appears to clear of malware infection we need to tidy a few things up and deal with a few remaining items:
Step 1:
Housekeeping
It's now time for some housekeeping. Please follow the instructions below to remove the tools we have used to clean up your computer. :cleaning:
OTL - Cleanup
Double-click on OTL.exe to launch the program. If you receive a UAC prompt, please allow it.
This will remove most, if not all, of the tools we used to clean your PC.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the CleanUp! button.
Click on the Yes button at the prompt and then allow the program to reboot your computer.
Remove Tools Used
You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.
MBRCheck.exe
MGADiag.exe
RKUnhookerLE.exe
SecurityCheck.exe
Please Note: These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.
Step 2:
Create Clean System Restore Point
Create a new, clean System Restore point which be used in the event of future system problems:
Click on Start > All Programs > Accessories > System Tools > System Restore.
Select the Create a restore point option then click on Next.
You can name your new Restore Point something like All Clean, for example, and then select Create.
Once the Restore Point has been created you can click on Close.
Now remove old, infected System Restore points:
Next click on Start > Run.
Copy and Paste the following command into the text entry box:
cleanmgr
Then click on the OK button.
Make sure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore and click on the Clean up... button and reply Yes to the prompt.
Click on the OK button and the Yes button to confirm.
Step 3:
Improve Your Computer's Security
MalwareBytes' AntiMalware
It is worth keeping MalwareBytes' AntiMalware on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.
Anti-Spyware Programs
I notice you have both the Spybot - Search & Destroy and SUPERAntiSpyware Anti-Spyware products installed both of which have their active protection disabled. I presume these have just been used in stand-alone scanner mode. It would be advisable to remove one of them as running more than one Anti-Spyware product can be less than helpful. Of the two, I would be inclined to keep the Spybot - Search & Destroy program and turn on its active protection.
Below are additional (free) programs that can help improve your computer's security.
Many feel that having a "layered" protection scheme is beneficial. You'll need to decide what works best for your situation. You may like to give them a try. :)
SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from here (http://www.siteadvisor.com/).
Web of Trust (WOT)
Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.
You can find more information about the program and download it from Here (http://www.siteadvisor.com/).
Panda USB Vaccine
Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
You can download and learn more about this product from Here (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/).
Step 4:
Further Guidelines
Please follow these simple guidelines in order to help keep your computer more secure:
Update your Anti-virus program and other programs regularly.
Online Secunia Software Inspector (http://secunia.com/vulnerability_scanning/online/) - Copyright © Secunia.
FileHippo.com Update Checker (http://www.filehippo.com/updatechecker/) - Copyright © FileHippo.com
F-secure Health Check (http://www.f-secure.com/en_EMEA/security/security-center/health-check/) - Copyright © F-Secure Corporation.
Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP (http://support.microsoft.com/kb/306525)
Using Windows Update for Windows XP (http://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsxp.mspx)
Microsoft Update Home (http://www.update.microsoft.com)
Read, stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)
If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
Please let me know when you have read this post and I will arrange to have the topic closed.
Stay Safe! :bigthumb:
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-26, 22:24
hey!
ok, all must be well.
thank you fer your help you fellows are great!!
*<];-D
musicalpulltoy
2012-03-27, 22:56
hey
i dont think its all gone.
a svchost opens in and when shut down things pick up.
?
Scolabar
2012-03-28, 05:49
Hi musicalpulltoy,
Please can clarify what you what you mean by:
a svchost opens in and when shut down things pick up
Try to describe exactly what happens and provide any error message(s) you receive.
Did this issue start immediately following the final cleanup instructions or has it started since following further use of the computer?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-29, 00:22
hey..
when online page loading goes from good to super slow.
at a restart ( after finding the svchost fake) i wrote down the PID of each svchost running.
when it slowed id shut down the new one and things returned to normal.
go figure ..
Scolabar
2012-03-29, 05:56
Hi musicalpulltoy,
Does the slowdown issue recur each time you restart the computer?
If so, please complete the instructions below so we can get a handle on what might be causing the slowdown.
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.
Before proceeding please make sure any open programs are closed.
Step 1:
Tasklist Utility - XP Home
Please download the Tasklist Utility (http://www.computerhope.com/download/winxp/tasklist.exe) for Windows XP Home. Save the file to your Desktop.
Note: If the utility is not saved to the Desktop the following batch query will not work.
Step 2:
Batch - Query
Please follow the instructions below BEFORE killing off the "fake" new svchost process:
Click on Start > Run.
In the text entry box type:
notepad
Then click on the OK button.
This will open an empty Notepad file.
Copy and Paste the contents of the box below into the Notepad window:
@echo off
cd "%userprofile%"\desktop
tasklist /svc /fi "imagename eq svchost.exe" > "%userprofile%"\desktop\svclook.txt
notepad.exe "%userprofile%"\desktop\svclook.txt
del %0
exit
Click Format and ensure Wordwrap is Unchecked.
Save as svcquery.bat to the Desktop.
Save as file type All Files otherwise it will not work.
Now double-click on svcquery.bat to allow it to run the query.
(A command prompt window will flash on the screen briefly.)
Please Copy and Paste the contents of the file svclook.txt into your next reply.
Step 3:
"Fake" New Svchost Process - Feedback
When you shutdown the "fake" new svchost process this time, please make a note of the PID and post that information into your next reply.
Step 4:
Include in Next Post
Did you have any problems carrying out the instructions?
Does the slowdown issue recur each time you restart the computer?
svclook.txt.
What was the PID of the "fake" new svchost process you needed to shutdown?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
2012-03-31, 08:10
Hi musicalpulltoy,
It has been over 48 hours since my last post.
Do you still need help?
Do you need more time?
Are you having problems following my instructions?
In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
If you do not reply within the next 24 hours, this topic will be closed.
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-03-31, 13:21
hi.,.
was busy
when running the query i got "access denied ".
there were 2 pid 672 and2880.
after query 2460 appeared.
no, the new svchost can appear at any time.
Image Name PID Services
========================= ====== =============================================
svchost.exe 1612 DcomLaunch, TermService
svchost.exe 1712 RpcSs
svchost.exe 1884 AudioSrv, CryptSvc, Dhcp, EventSystem,
FastUserSwitchingCompatibility,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, w32time, winmgmt, wscsvc, wuauserv,
WZCSVC
svchost.exe 196 Dnscache
svchost.exe 364 LmHosts, SSDPSRV
svchost.exe 672 HTTPFilter
svchost.exe 2880 WudfSvc
svchost.exe 2460 stisvc
musicalpulltoy
2012-03-31, 21:39
a second 1
pid 2052 and 3998
Image Name PID Services
========================= ====== =============================================
svchost.exe 1268 DcomLaunch, TermService
svchost.exe 1352 RpcSs
svchost.exe 1432 AudioSrv, CryptSvc, Dhcp, EventSystem,
FastUserSwitchingCompatibility,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, w32time, winmgmt, wscsvc, wuauserv,
WZCSVC
svchost.exe 1484 WudfSvc
svchost.exe 1696 Dnscache
svchost.exe 1724 LmHosts, SSDPSRV
svchost.exe 2052 HTTPFilter
svchost.exe 3988 stisvc
Scolabar
2012-04-03, 05:37
Hi musicalpulltoy,
Were you logged into an account with administrative privileges when you tried to run the query?
Did you get the "access denied" error the second time you ran the query as well?
Was the "access denied" error a standard Windows error message dialogu box? Or was error generated by the AVG or ZoneAlarm software?
Regarding the second query do you actually mean you killed the services:
pid 2052 and 3998or do you mean:
pid 2052 and 3988?
Please try running the steps for the query again with both AVG and ZoneAlarm temporarily dsabled.
Have you attached a scanner or camera recently to your computer?
Or have you installed scanner- or camera-related software?
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-04-03, 13:48
hiya
yes its an administrator.
3988.
got access denied every time "standard windows".
there is a scanner connected but no new installs.
Image Name PID Services
========================= ====== =============================================
svchost.exe 1268 DcomLaunch, TermService
svchost.exe 1352 RpcSs
svchost.exe 1432 AudioSrv, CryptSvc, Dhcp, EventSystem,
FastUserSwitchingCompatibility,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, w32time, winmgmt, wscsvc, wuauserv,
WZCSVC
svchost.exe 1484 WudfSvc
svchost.exe 1696 Dnscache
svchost.exe 1724 LmHosts, SSDPSRV
svchost.exe 2052 HTTPFilter
svchost.exe 3988 stisvc
Scolabar
2012-04-04, 12:11
Hi musicalpulltoy,
Thank you for your feedback.
As far as I can see all of the entries from the Query in each of the log files you have posted are legitimate Windows services.
FYI the descriptions of the services you appear to have been trying to stop or kill are as follows:
HTPFilter
Display Name: HTTP SSL
Implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
WudfSvc
Display Name: Windows Driver Foundation – User-mode Driver Framework
Manages user-mode driver host processes. User-mode driver framework is a method of having drivers run in “user space” instead of “kernel space.” This provides better system stability due to a situation of a driver crashing, it only brings down the driver and not the system. Such possible devices include cameras, media players, PDA’s and other USB connected devices.
stisvc
Display Name: Windows Image Acquisition (WIA)
Provides image acquisition services for scanners and cameras. It is used by some scanners, web cams, and cameras. If, after disabling this service, your scanner or camera fails to function properly, you will need to re-enable the service by setting its startup setting to Automatic.
As far as I can tell your system is now clear of malware infection.
Not A Malware Issue
If you are still experiencing system performance issues I recommend you try a good System/Hardware Help Forum. Some suggested links are provided below. ;)
These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.
Good System/Hardware Help Forums
Computer Trouble (http://forum.computertrouble.co.uk/index.php)
GeekstoGo (http://www.geekstogo.com/forum/Windows-XP-2000-2003-NT-f5.html)
NutNWorks (http://www.nutnworks.com/forums/forumdisplay.php?f=60)
TechSupportGuy (http://forums.techguy.org/21-windows-nt-2000-xp/)
Whatthetech (http://forums.whatthetech.com/forums.html)
Free registration may be required in order to post at these forums and will only take a few minutes. :)
Please let me know when you have read this post and I will arrange for this thread to be closed.
Stay Safe ;)
Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
musicalpulltoy
2012-04-05, 00:51
hi
oki doki, maybe its the nieghbors system.
thanks for your help ;-)