PROBLEM: My PC locks up after it sits idle for an extended period of time. Receiving "not enough system resource" errors.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 4
Processor Count: 1
RAM: 1278 Mb
Graphics Card: NVIDIA GeForce4 MX 420, 64 Mb
Hard Drives: C: Total - 55882 MB, Free - 31814 MB; D: Total - 58580 MB, Free - 54505 MB; G: Total - 152625 MB, Free - 65673 MB;
Motherboard: Dell Computer Corp.,
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:25:30 PM, on 12/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PC Cleaners] "C:\Program Files\PC Cleaners\PCCleaners.exe" /minimize
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\refresh.exe
O4 - Global Startup: Splash.lnk = C:\Program Files\Iomega\Tools_NT\splash.exe
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcServiceHost.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe
--
End of file - 9019 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by John at 14:26:29 on 2012-12-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.365 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uWindow Title = Windows Internet Explorer provided by Yahoo!
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.2.0.19\ips\ipsbho.dll
BHO: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [HP Photosmart 6510 series (NET)] "c:\program files\hp\hp photosmart 6510 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
uRun: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\documents and settings\john\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\goback.lnk - c:\program files\roxio\goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\refresh.lnk - c:\program files\iomega\tools_nt\refresh.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\splash.lnk - c:\program files\iomega\tools_nt\splash.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4F75E547-432B-4673-9978-FCF0993CD342} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6809e580-a3a7-11d1-9a00-00a0c945b006} - <orphaned>
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-12-9 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1402000.013\symds.sys [2012-10-28 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1402000.013\symefa.sys [2012-10-28 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys [2012-10-28 134304]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys [2012-10-29 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1402000.013\ironx86.sys [2012-10-28 175264]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\20.2.0.19\ccsvchst.exe [2012-10-28 143928]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2013.2.0.18\ccsvchst.exe [2012-10-29 143928]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-19 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-19 342016]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-12-2 794272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-14 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\ipsdefs\20121205.001\IDSXpx86.sys [2012-12-6 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVENG.SYS [2012-12-8 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVEX15.SYS [2012-12-8 1601184]
S2 SAVRTPEL;SAVRTPEL;\??\c:\windows\system32\drivers\savrtpel.sys --> c:\windows\system32\drivers\SAVRTPEL.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 SAVRT;SAVRT;\??\c:\windows\system32\drivers\savrt.sys --> c:\windows\system32\drivers\SAVRT.SYS [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-02 13:03:53 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 13:03:53 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-17 13:04:46 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-09 01:00:02 586400 ----a-w- c:\windows\system32\drivers\nav\1402000.013\srtsp.sys
2012-10-04 01:40:35 927904 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symefa.sys
2012-10-04 01:40:20 368288 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symds.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys
2012-10-02 18:04:21 58368 -c--a-w- c:\windows\system32\synceng.dll
2012-09-24 19:32:24 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe GoBack2K.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
c:\windows\system32\drivers\GoBack2K.sys Roxio, Inc. GoBack
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A47EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A507D98]
kernel: MBR read successfully
_asm { CALL 0x56; }
user != kernel MBR !!!
.
============= FINISH: 14:27:22.56 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/19/2011 10:39:27 PM
System Uptime: 12/9/2012 12:05:29 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 55 GiB total, 31.089 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 53.228 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 149 GiB total, 64.135 GiB free.
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/9/2012 1:08:08 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
AT&T U-verse Media Share Wizard
Audacity 1.3.14 (Unicode)
Bing Rewards Client Installer
Bonjour
Coupon Printer for Windows
Dell Driver Download Manager
Dell ResourceCD
Easy CD Creator 5 Basic
EZ Vinyl/Tape Converter 7.7 by MixMeister
FastStone Image Viewer 4.5
FinalTorrent 2011
Free M4a to MP3 Converter 7.0
GoBack Personal Edition
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP Photosmart 6510 series Basic Device Software
HP Photosmart 6510 series Help
HP Photosmart 6510 series Product Improvement Study
HP Product Detection
HP Update
iLivid
Intel(R) PRO Ethernet Adapter and Software
Internet Explorer (Enable DEP)
IomegaWare for Windows NT
iTunes
Java Auto Updater
Java(TM) 6 Update 37
K-Lite Mega Codec Pack 8.1.0
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Fix it Center
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 Premium
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Identity Safe
NVIDIA Display Driver
NVIDIA Drivers
Orb
Orb Runtime libraries
PC Cleaners
PC Tools Registry Mechanic 11.1
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shockwave
Sound Effects
StorageSync Backup Software
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Window Shopper
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Works Suite OS Pack
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/3/2012 9:34:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
12/3/2012 7:43:58 AM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the file specified.
12/3/2012 7:30:41 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
12/3/2012 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
12/2/2012 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
12/2/2012 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
.
==== End Of File ===========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-09 17:31:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: oyh1kxb2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypog.sys
---- System - GMER 1.0.15 ----
SSDT 89CDAB68 ZwAlertResumeThread
SSDT 89CDAC48 ZwAlertThread
SSDT 89CA2C68 ZwAllocateVirtualMemory
SSDT 89CCB5F8 ZwAssignProcessToJobObject
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwClose [0xF74241A0]
SSDT 89D30A90 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB43A7ED0]
SSDT 89CDA8B8 ZwCreateMutant
SSDT 89CCB418 ZwCreateSymbolicLinkObject
SSDT 89C52870 ZwCreateThread
SSDT 89CCB6D8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB43A8150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB43A8810]
SSDT 89CA2DE0 ZwDuplicateObject
SSDT 89CA2A20 ZwFreeVirtualMemory
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwFsControlFile [0xF7424230]
SSDT 89CDA9A8 ZwImpersonateAnonymousToken
SSDT 89CDAA88 ZwImpersonateThread
SSDT 89CFF4C0 ZwLoadDriver
SSDT 89CA2920 ZwMapViewOfSection
SSDT 89CDA7D8 ZwOpenEvent
SSDT 89CA2F80 ZwOpenProcess
SSDT 89CB16B0 ZwOpenProcessToken
SSDT 89CCB900 ZwOpenSection
SSDT 89CA2EB0 ZwOpenThread
SSDT 89CCB508 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB43A8D80]
SSDT 89CDAD28 ZwResumeThread
SSDT 89CA26B0 ZwSetContextThread
SSDT 89CA2750 ZwSetInformationProcess
SSDT 89CCB7B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB43A8AA0]
SSDT 89CDA6F8 ZwSuspendProcess
SSDT 89CDAE08 ZwSuspendThread
SSDT 89CB9670 ZwTerminateProcess
SSDT 89CDAEE8 ZwTerminateThread
SSDT 89CA2840 ZwUnmapViewOfSection
SSDT 89CA2B10 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90E7340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypob.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 00390A0E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 02B50048
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 02B5012A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 02B50594
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 02B502EE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 02B504B2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!CreateRemoteThread + 206 7C8106D2 7 Bytes JMP 02B5020C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 02B50676
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 02B503D0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 02B5083A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 02B50758
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs GBFSHook.SYS (GoBack File System Hook Driver/Roxio, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk1\DR2 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DR3 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk3\DR6 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk4\DR18 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+13 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process hidden process (*** hidden *** ) 4012
Process hidden process (*** hidden *** ) 12920
Process hidden process (*** hidden *** ) 43932
Process hidden process (*** hidden *** ) 48548
Process hidden process (*** hidden *** ) 48684
Process hidden process (*** hidden *** ) 58908
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 216132214
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30266941
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 216444714
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30266941
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab.bak 16780 bytes
---- EOF - GMER 1.0.15 ----
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by John at 14:26:29 on 2012-12-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.365 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uWindow Title = Windows Internet Explorer provided by Yahoo!
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.2.0.19\ips\ipsbho.dll
BHO: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [HP Photosmart 6510 series (NET)] "c:\program files\hp\hp photosmart 6510 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
uRun: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\documents and settings\john\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\goback.lnk - c:\program files\roxio\goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\refresh.lnk - c:\program files\iomega\tools_nt\refresh.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\splash.lnk - c:\program files\iomega\tools_nt\splash.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4F75E547-432B-4673-9978-FCF0993CD342} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6809e580-a3a7-11d1-9a00-00a0c945b006} - <orphaned>
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-12-9 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1402000.013\symds.sys [2012-10-28 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1402000.013\symefa.sys [2012-10-28 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys [2012-10-28 134304]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys [2012-10-29 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1402000.013\ironx86.sys [2012-10-28 175264]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\20.2.0.19\ccsvchst.exe [2012-10-28 143928]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2013.2.0.18\ccsvchst.exe [2012-10-29 143928]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-19 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-19 342016]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-12-2 794272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-14 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\ipsdefs\20121205.001\IDSXpx86.sys [2012-12-6 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVENG.SYS [2012-12-8 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVEX15.SYS [2012-12-8 1601184]
S2 SAVRTPEL;SAVRTPEL;\??\c:\windows\system32\drivers\savrtpel.sys --> c:\windows\system32\drivers\SAVRTPEL.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 SAVRT;SAVRT;\??\c:\windows\system32\drivers\savrt.sys --> c:\windows\system32\drivers\SAVRT.SYS [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-02 13:03:53 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 13:03:53 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-17 13:04:46 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-09 01:00:02 586400 ----a-w- c:\windows\system32\drivers\nav\1402000.013\srtsp.sys
2012-10-04 01:40:35 927904 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symefa.sys
2012-10-04 01:40:20 368288 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symds.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys
2012-10-02 18:04:21 58368 -c--a-w- c:\windows\system32\synceng.dll
2012-09-24 19:32:24 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe GoBack2K.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
c:\windows\system32\drivers\GoBack2K.sys Roxio, Inc. GoBack
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A47EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A507D98]
kernel: MBR read successfully
_asm { CALL 0x56; }
user != kernel MBR !!!
.
============= FINISH: 14:27:22.56 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/19/2011 10:39:27 PM
System Uptime: 12/9/2012 12:05:29 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 55 GiB total, 31.089 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 53.228 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 149 GiB total, 64.135 GiB free.
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/9/2012 1:08:08 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
AT&T U-verse Media Share Wizard
Audacity 1.3.14 (Unicode)
Bing Rewards Client Installer
Bonjour
Coupon Printer for Windows
Dell Driver Download Manager
Dell ResourceCD
Easy CD Creator 5 Basic
EZ Vinyl/Tape Converter 7.7 by MixMeister
FastStone Image Viewer 4.5
FinalTorrent 2011
Free M4a to MP3 Converter 7.0
GoBack Personal Edition
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP Photosmart 6510 series Basic Device Software
HP Photosmart 6510 series Help
HP Photosmart 6510 series Product Improvement Study
HP Product Detection
HP Update
iLivid
Intel(R) PRO Ethernet Adapter and Software
Internet Explorer (Enable DEP)
IomegaWare for Windows NT
iTunes
Java Auto Updater
Java(TM) 6 Update 37
K-Lite Mega Codec Pack 8.1.0
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Fix it Center
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 Premium
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Identity Safe
NVIDIA Display Driver
NVIDIA Drivers
Orb
Orb Runtime libraries
PC Cleaners
PC Tools Registry Mechanic 11.1
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shockwave
Sound Effects
StorageSync Backup Software
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Window Shopper
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Works Suite OS Pack
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/3/2012 9:34:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
12/3/2012 7:43:58 AM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the file specified.
12/3/2012 7:30:41 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
12/3/2012 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
12/2/2012 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
12/2/2012 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
.
==== End Of File ===========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-09 17:31:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: oyh1kxb2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypog.sys
---- System - GMER 1.0.15 ----
SSDT 89CDAB68 ZwAlertResumeThread
SSDT 89CDAC48 ZwAlertThread
SSDT 89CA2C68 ZwAllocateVirtualMemory
SSDT 89CCB5F8 ZwAssignProcessToJobObject
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwClose [0xF74241A0]
SSDT 89D30A90 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB43A7ED0]
SSDT 89CDA8B8 ZwCreateMutant
SSDT 89CCB418 ZwCreateSymbolicLinkObject
SSDT 89C52870 ZwCreateThread
SSDT 89CCB6D8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB43A8150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB43A8810]
SSDT 89CA2DE0 ZwDuplicateObject
SSDT 89CA2A20 ZwFreeVirtualMemory
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwFsControlFile [0xF7424230]
SSDT 89CDA9A8 ZwImpersonateAnonymousToken
SSDT 89CDAA88 ZwImpersonateThread
SSDT 89CFF4C0 ZwLoadDriver
SSDT 89CA2920 ZwMapViewOfSection
SSDT 89CDA7D8 ZwOpenEvent
SSDT 89CA2F80 ZwOpenProcess
SSDT 89CB16B0 ZwOpenProcessToken
SSDT 89CCB900 ZwOpenSection
SSDT 89CA2EB0 ZwOpenThread
SSDT 89CCB508 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB43A8D80]
SSDT 89CDAD28 ZwResumeThread
SSDT 89CA26B0 ZwSetContextThread
SSDT 89CA2750 ZwSetInformationProcess
SSDT 89CCB7B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB43A8AA0]
SSDT 89CDA6F8 ZwSuspendProcess
SSDT 89CDAE08 ZwSuspendThread
SSDT 89CB9670 ZwTerminateProcess
SSDT 89CDAEE8 ZwTerminateThread
SSDT 89CA2840 ZwUnmapViewOfSection
SSDT 89CA2B10 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90E7340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypob.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 00390A0E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 02B50048
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 02B5012A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 02B50594
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 02B502EE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 02B504B2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!CreateRemoteThread + 206 7C8106D2 7 Bytes JMP 02B5020C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 02B50676
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 02B503D0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 02B5083A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 02B50758
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs GBFSHook.SYS (GoBack File System Hook Driver/Roxio, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk1\DR2 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DR3 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk3\DR6 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk4\DR18 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+13 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process hidden process (*** hidden *** ) 4012
Process hidden process (*** hidden *** ) 12920
Process hidden process (*** hidden *** ) 43932
Process hidden process (*** hidden *** ) 48548
Process hidden process (*** hidden *** ) 48684
Process hidden process (*** hidden *** ) 58908
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 216132214
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30266941
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 216444714
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30266941
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab.bak 16780 bytes
---- EOF - GMER 1.0.15 ----