Inactive Windows Update Problem

sdculp · 2011/11/03

[Inactive] Windows Update Problem

This is a continuation of the "Windows Update Problem" thread posted in the Windows XP Forum.

First, I ran a complete scan with Avast! as well as the startup scan. It found IN:Cycbot-gen[Trj] in the documents and settings-application data folder. It also found 3 corrupted temp files. Deleting all of them didn’t help the update situation.

Then I shut down Avast! and went through the 4 steps.

Here is the mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8060

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/1/2011 9:13:55 AM
mbam-log-2011-11-01 (09-13-43).txt

Scan type: Quick scan
Objects scanned: 179660
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Stuart\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> No action taken.

Files Infected:
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.

sdculp · 2011/11/03

Here's more. Can't find a way to attach. Hope the file isn't too long.

Here is the GMER Log:

File is too large to send. How can I do it? Can't seem to find a way to attach it.

broni · 2011/11/03

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Split GMER log over several replies.

Also your MBAM log says "No action taken ".
Re-run it, FIX all issues and post new log.

Admin. · 2011/11/03

"sdculp said: ↑

Here's more. Can't find a way to attach. Hope the file isn't too long.

Here is the GMER Log:

File is too large to send. How can I do it? Can't seem to find a way to attach it.
Click to expand...

Don't attach logs, copy & post logs in your post & reply(s). You'll have to break up the logs to fit. You can post around 55,000 characters in a single post.

sdculp · 2011/11/06

Here is GMER Log #1:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-02 11:24:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-00V1A0 rev.05.01D05
Running: dw3w6ot3.exe; Driver: C:\DOCUME~1\Stuart\LOCALS~1\Temp\kwlyykod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA83219CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA839EA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8341AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8323EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8323F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA832401A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA83414A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8323E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8323F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8323E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8323FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA83219EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA83421BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8342471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA832429E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8342026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8341E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA839EB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA83217B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8321A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8324412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA83224AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8323EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8323F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8324044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8341805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8323E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA83240D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8323F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8323E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA83241BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8323FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA839EBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8341D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8322370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8341B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA83A6E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8340B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8321A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8321A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8321812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA832194E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA83422C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA832192A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8321972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8321A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA83B38DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C28 805044C4 4 Bytes [68, EA, 39, A8]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A8322E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A83AF29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A83B0D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A83B38E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB4D62000, 0x238E77, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

sdculp · 2011/11/06

Here is GMER Log #2:

GMER Log Page 2

.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Ask.com\Updater\Updater.exe[968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Messenger\msmsgs.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Messenger\msmsgs.exe[980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Messenger\msmsgs.exe[980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Messenger\msmsgs.exe[980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Messenger\msmsgs.exe[980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Messenger\msmsgs.exe[980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Messenger\msmsgs.exe[980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Messenger\msmsgs.exe[980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\winlogon.exe[1128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[1128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[1128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C

sdculp · 2011/11/06

Here is GMER Log #3:

GMER Log Page 3

.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe[1704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2016] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\spoolsv.exe[2244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[2244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[2244] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[2244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[2244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[2244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[2244] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[2244] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198

sdculp · 2011/11/06

Here is GMER Log #4:

GMER Log Page 4

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003701D4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0037015C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370198
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[2984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[3056] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[3292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[3312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\wscntfy.exe[3396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\wscntfy.exe[3396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\wscntfy.exe[3396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\wscntfy.exe[3396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\wscntfy.exe[3396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\wscntfy.exe[3396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\wscntfy.exe[3396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\wscntfy.exe[3396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[3964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[3964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[3964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[3964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[3964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[3964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[3964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4072] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

sdculp · 2011/11/06

Here is the ASWMBR Log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 10:27:08
-----------------------------
10:27:08.031 OS Version: Windows 5.1.2600 Service Pack 3
10:27:08.031 Number of processors: 4 586 0x403
10:27:08.031 ComputerName: STUART-JDPTINBU UserName: Stuart
10:27:08.328 Initialize success
10:27:08.390 AVAST engine defs: 11110102
10:27:18.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:27:18.718 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
10:27:20.750 Disk 0 MBR read successfully
10:27:20.750 Disk 0 MBR scan
10:27:20.750 Disk 0 Windows XP default MBR code
10:27:20.765 Disk 0 scanning sectors +976768065
10:27:20.890 Disk 0 scanning C:\WINDOWS\system32\drivers
10:27:42.828 Service scanning
10:27:43.687 Service MSICDSetup E:\CDriver.sys **LOCKED** 21
10:27:44.234 Modules scanning
10:28:00.781 Disk 0 trace - called modules:
10:28:00.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS
10:28:00.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab2fab8]
10:28:00.812 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8ab149e8]
10:28:00.812 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aaae940]
10:28:01.046 AVAST engine scan C:\WINDOWS
10:28:32.031 AVAST engine scan C:\WINDOWS\system32
10:31:13.468 AVAST engine scan C:\WINDOWS\system32\drivers
10:31:37.750 AVAST engine scan C:\Documents and Settings\Stuart
10:44:57.375 AVAST engine scan C:\Documents and Settings\All Users
10:48:52.984 Scan finished successfully
10:50:21.093 Disk 0 MBR has been saved successfully to "G:\aswMBR Folder\MBR.dat "
10:50:21.109 The log file has been saved successfully to "G:\aswMBR Folder\aswMBR.txt "

sdculp · 2011/11/06

Here is DDS file #1:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/22/2010 2:42:11 PM
System Uptime: 11/1/2011 9:15:04 AM (1 hours ago)
.
Motherboard: MSI | | 790X-G45 (MS-7622)
Processor: AMD Phenom(tm) II X4 955 Processor | CPU 1 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 42 GiB total, 9.91 GiB free.
D: is FIXED (NTFS) - 34 GiB total, 21.864 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 389 GiB total, 357.935 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP471: 10/8/2011 9:30:37 AM - System Checkpoint
RP472: 10/9/2011 1:01:10 PM - System Checkpoint
RP473: 10/10/2011 6:38:07 PM - System Checkpoint
RP474: 10/12/2011 7:23:52 AM - System Checkpoint
RP475: 10/13/2011 8:02:38 AM - System Checkpoint
RP476: 10/14/2011 9:01:19 AM - System Checkpoint
RP477: 10/15/2011 9:05:30 AM - System Checkpoint
RP478: 10/16/2011 9:24:40 AM - System Checkpoint
RP479: 10/17/2011 9:41:07 AM - System Checkpoint
RP480: 10/18/2011 10:13:14 AM - System Checkpoint
RP481: 10/19/2011 10:44:55 AM - System Checkpoint
RP482: 10/20/2011 12:12:45 PM - System Checkpoint
RP483: 10/21/2011 12:48:10 PM - System Checkpoint
RP484: 10/22/2011 12:54:22 PM - System Checkpoint
RP485: 10/23/2011 1:57:11 PM - System Checkpoint
RP486: 10/24/2011 3:49:26 PM - System Checkpoint
RP487: 10/25/2011 4:38:21 PM - System Checkpoint
RP488: 10/26/2011 4:50:09 PM - System Checkpoint
RP489: 10/28/2011 5:40:56 AM - System Checkpoint
RP490: 10/29/2011 6:30:31 AM - System Checkpoint
RP491: 10/30/2011 7:23:30 AM - System Checkpoint
RP492: 10/31/2011 9:11:39 AM - System Checkpoint
.
==== Installed Programs ======================
.
1912: Titanic Mystery
3 Days: Zoo Mystery
7 Wonders
A Gypsy's Tale: The Tower of Secrets
Acrobat.com
Acronis*Disk Director Suite
Acronis*True*Image*Home
Ad-Aware
Adobe Acrobat 4.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player
Adventures of Robinson Crusoe
After Dark Games
Amazing Adventures: The Caribbean Secret
Amazing Adventures: The Forgotten Dynasty
Amazing Adventures: The Lost Tomb (remove only)
AMD USB Filter Driver
Aqua Bubble
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
avast! Free Antivirus
Awakening: Moonfell Wood
Awakening: The Dreamless Castle
Awakening: The Goblin Kingdom
Bejeweled 2 Deluxe
Big Fish Games Toolbar 2.0
Big Fish Games: Game Manager
Canon Camera Access Library
Canon Camera Support Core Library
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities CameraWindow Launcher
Canon Utilities EOS Utility
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 3
Competitions at Rosemond Hill
Conduit Engine
Coupon Printer for Windows
Cradle of Rome
Crawler Toolbar
Creative EAX Console
Creative Speaker Settings
CrossGuesser
Device Control
Discovery! A Seek and Find Adventure
Dream Day Honeymoon
Dream Day Travel Pack - 3 in 1
EASEUS Partition Master 5.8.1 Home Edition
Eudora
Free Ride Games Player
Free Ride Games Toolbar
GameBar Toolbar for IE
GamesBar 2.0.1.103
Google Toolbar for Internet Explorer
Graphic Workshop Professional 3
Hidden Expedition: Amazon ™
Hidden Expedition: Titanic™
Hidden in Time: Looking-glass Lane
HijackThis 2.0.2
Horse & Pony - Lets Ride!
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 960c series (Remove only)
Indeo® software
InstaCodecs
InstallIQ Updater
InterVideo WinDVD 8
It's all about masks
Itibiti RTC
Jacquie Lawson Advent Calendar
Java 2 Runtime Environment Standard Edition v1.3.1_06
Java 2 Runtime Environment, SE v1.4.1_02
Java Auto Updater
Java Web Start
Java(TM) 6 Update 22
Jewel Quest
Jewel Quest Mysteries: Curse of the Emerald Tear
Jigsaw Puzzles - Parks of the World
Kate Arrow: Deserted Wood
Let's Ride 3 Day Eventing - Championship Season
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.79
Logitech Resource Center
Lost Lagoon: The Trail of Destiny
Lost Souls: Enchanted Paintings
Love Story: The Beach Cottage
Magic Encyclopedia
Magic Vines
Magical Forest
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 97
Mozilla Firefox 7.0.1 (x86 en-US)
MSN Gaming Zone
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Legends: Beauty and the Beast
Mystery of Unicorn Castle
Mystery PI
Mystery Solitaire: Secret Island (remove only)
Nancy Drew: The Curse of Blackmoor Manor
Nero 7 Essentials
PartitionMagic
Platform
Playalot Games
PowerDVD
PowerQuest PartitionMagic 8.0
Pretty In Pink
Princess Isabella: A Witch's Curse
Princess Isabella: Return of the Curse Collector's Edition
QuickTime
Radio@Netscape Plus
Rainbow Web
RealPlayer
RebateInformer
Revo Uninstaller 1.60
Sarah Maribu and the Lost World
Secret Mission: The Forgotten Island
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShopAtHome.com Toolbar
Shutter Island
Sierra Utilities
Simppull Toolbar (Remove Toolbar Only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy 1.4
Startup Delayer v2.5 (build 138)
Super Collapse!
Super Jigsaw™ Puppies
System Requirements Lab
The Legacy of Rosemond Hill
The Rise of Atlantis
The Rise of Atlantis (remove only)
The Secrets of Arcelia Island
The Serpent of Isis ™
The Treasures of Montezuma
The White House
Time to Ride
Tropix (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Vacation Quest - The Hawaiian Islands
Vacation Quest™ - The Hawaiian Islands
VIA Platform Device Manager
Viewpoint Media Player
Virtual Villagers 2: The Lost Children
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live ID Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
WinTidy 1.0.11
Wonderland Secret Worlds
Yard Sale Hidden Treasures: Sunnyville
.
==== Event Viewer Messages From Past Week ========
.
11/1/2011 9:16:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde viaagp ViaIde
11/1/2011 9:15:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/1/2011 10:33:33 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/26/2011 9:12:52 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 4061864E84F7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/26/2011 8:45:34 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 4061864E84F7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/25/2011 5:52:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: viaagp
10/25/2011 5:52:09 AM, error: Service Control Manager [7003] - The McAfee Validation Trust Protection Service service depends on the following nonexistent service: mfehidk
10/25/2011 5:52:09 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 5:52:09 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
10/25/2011 5:52:09 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/25/2011 5:52:09 AM, error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the path specified.
10/25/2011 5:52:09 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

sdculp · 2011/11/06

Here is DDS File #2:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by Stuart at 10:52:02 on 2011-11-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1106 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
C:\Program Files\WinTidy\WinTidy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.oberon-media.iplay.com/?o=shp
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.usadatanet.net
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60535
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60535
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - No File
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.103\oberontb.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - c:\progra~1\rebate~1\RebateI.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\free_ride_games\prxtbFre0.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\free_ride_games\prxtbFre0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.103\oberontb.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe "
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe "
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\jacqui~1.lnk - c:\program files\jacquie lawson advent calendar\jacquie lawson advent calendar\Jacquie Lawson Advent Calendar.exe
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\wintidy.lnk - c:\program files\wintidy\WinTidy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eudora.lnk - c:\program files\qualcomm\eudora\Eudora.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: &Search
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.103\oberontb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\vacation quest - the hawaiian islands\images\stg_drm.ocx
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148483012406
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\vacation quest - the hawaiian islands\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15021/CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{47051475-1ABE-4F02-AFD6-D0DF6669835D} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6CA88B52-E3A2-473C-AFF5-54EC387B3FCF} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\rebate~1\RebateI.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stuart\application data\mozilla\firefox\profiles\t4pvvkz3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80115&language=en&qkw=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61495
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.2\npapicomadapter.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-17 64512]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2010-4-27 902592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-4 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-22 301528]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-2-16 82952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-22 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-22 42184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-5 24652]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-10-29 56352]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-3-17 44032]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-2-16 88480]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-3-17 22328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-17 1418368]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2152152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McMPFSvc;McAfee Personal Firewall; "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service; "c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service; "c:\program files\common files\mcafee\systemcore\mfevtps.exe" --> c:\program files\common files\mcafee\systemcore\mfevtps.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-2-16 55456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-6 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-6 8456]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-2-16 312584]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-2-16 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-16 83496]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys --> c:\windows\system32\drivers\p17filt.sys [?]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2002-11-5 149244]
.
=============== File Associations ===============
.
scrfile= "%1" %*
.
=============== Created Last 30 ================
.
2011-10-31 15:14:17 -------- d-----w- c:\program files\Mystery Legends - Beauty and the Beast
2011-10-31 14:48:59 -------- d-----w- c:\documents and settings\stuart\application data\PlayPond
2011-10-31 12:12:44 -------- d-----w- c:\documents and settings\stuart\application data\Az-Art
2011-10-31 11:45:00 -------- d-----w- c:\documents and settings\stuart\application data\MA2
2011-10-30 19:47:06 -------- d-----w- c:\documents and settings\stuart\application data\MediaArt
2011-10-30 19:47:06 -------- d-----w- c:\documents and settings\all users\application data\MediaArt
2011-10-30 19:46:30 -------- d-----w- c:\program files\Love Story - The Beach Cottage
2011-10-30 19:13:36 -------- d-----w- c:\documents and settings\stuart\application data\ERS Game Studios
2011-10-30 19:12:36 -------- d-----w- c:\program files\Spirits of Mystery - Amber Maiden
2011-10-30 18:50:30 -------- d-----w- c:\documents and settings\stuart\application data\Floodlight Games
2011-10-30 18:50:30 -------- d-----w- c:\documents and settings\all users\application data\Floodlight Games
2011-10-30 18:48:46 -------- d-----w- c:\program files\Hidden Expedition - The Uncharted Islands
2011-10-30 18:00:51 -------- d-----w- c:\program files\Hanging Gardens of Babylon
2011-10-30 10:48:24 -------- d-----w- c:\documents and settings\stuart\application data\Freeze Tag
2011-10-29 20:11:50 -------- d-----w- c:\program files\Awakening - The Goblin Kingdom
2011-10-28 18:30:10 -------- d-----w- c:\program files\Awakening - The Dreamless Castle
2011-10-28 15:05:14 -------- d-----w- c:\documents and settings\stuart\application data\Elephant Games
2011-10-28 15:05:14 -------- d-----w- c:\documents and settings\all users\application data\Elephant Games
2011-10-21 21:24:30 -------- d-----w- c:\program files\Awakening - Moonfell Wood
2011-10-20 17:23:34 -------- d-----w- C:\GameHouse Games
2011-10-14 10:28:09 -------- d-----w- c:\program files\Lost Souls - Enchanted Paintings
2011-10-13 16:31:26 -------- d-----w- c:\documents and settings\stuart\application data\Fenomen Games
2011-10-05 15:25:45 -------- d-----w- c:\documents and settings\all users\application data\ZoomBrowser
.
==================== Find3M ====================
.
2011-09-09 17:49:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:53:47.67 ===============

sdculp · 2011/11/06

I will redo the mbam log and resubmit it as soon as I get some computer time.

broni · 2011/11/06

No problem.

Also....

Uninstall Ask Toolbar, typical foistware.

You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avast.
One of them has to go.
I suggest Lavasoft goes.

sdculp · 2011/11/09

I removed Lavasoft. Uninstalled Ask Toolbar. Reran Malwarebytes. Malwarebytes updated when opened. The log file is attached. Note that the two previous infections which were present the first time are no longer there. Don't understand it.

The original Windows update problems still there.

What should I do now?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8113

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/8/2011 10:04:57 AM
mbam-log-2011-11-08 (10-04-57).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 323421
Time elapsed: 38 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

broni · 2011/11/09

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

sdculp · 2011/11/12

Thank you for your help.

Since trying out Combofix on two of my computers, a problem has arisen on one and I am reluctant to proceed further with my wife’s computer until I am satisfied as to the solution.

One of the computers would boot to the desktop, but the boot was not complete and it was locked. Task Manager would not start. I tried to get into Safe Mode by rapidly pressing F8 during the bootup, but all it would do is to take me to a menu which asked which device I wanted to use for boot. I selected HDD1 and it booted completely, satisfactorily. Why this should make a difference in the Desktop completion, I don’t know, but Safe Mode was not selectable. This remained the only procedure I could use to get to a successful boot to desktop.

I then noticed that the Avast! icon was not showing on the taskbar. Task Manager showed that it was running. I then started Avast! from the Start-Programs screen and the icon appeared. If I went to Avast! Settings, the "show tray icon" was checked , but it doesn’t seem to work and rebooting with the "special" procedure still didn’t show the Avast! icon.

On one of the successful bootups I got a message "NoTest Failure to start tray iconâ€. I Googled the message, and found that it seemed to relate to a bug in EaseUS backup. I deleted EaseUS backup and the message hasn’t shown again, but the bootup problem remained. I guess this was a coincidental problem.

I then opened the BIOS to look at the boot device sequence. It was set to first boot from a CD and then from HDD1. This has always worked OK. If a CD wasn’t present it would then boot from the HDD. I changed the sequence to HDD1 first and the boot then went successfully. I can only conclude from this that the boot sequence was somehow not compatible with the Microsoft Windows Recovery Console installation. After making the BIOS change, pressing F8 would take me to the menu which allowed a Safe Mode choice.

At this point, the computer would boot successfully without help on a regular basis, but the Avast! icon was still not present. I removed and then reinstalled Avast! and it seemed to work OK. Apparently Combofix corrupted Avast!. Before running Combofix, I had shut down Avast! until the next reboot. Although this worked ok on one computer, apparently Combofix is still working after it’s reboot and it proceeded to affect Avast! So apparently you have to completely shut Avast! down and then start it up after Combofix is completed.

Iâ€™m not sure I like to have the repair console installed as a regular thing. It looks as though it has some undesirable effects with respect to boot sequence and the Safe Mode menu. Also, I don’t care for the extra screen during bootup, regardless of how short it appears. Just one more thing in the installation to think about. Can the MWRC be removed?

Thinking that I had things under control enough to proceed, I started Combofix in my wife’s computer. I immediately got the message that McAfee virus scan was running and had to be shut down or Combofix couldn’t be responsible for the results. I immediately stopped Combofix and went looking for evidence of McAfee. Neither Revo Uninstaller or Contol Panel-Add/Remove Programs could find anything. I searched the C: drive for "McAfee" and found lots of references, but Iâ€™m reluctant to go about deleting anything.

I have no idea how McAfee got into her machine.

I would appreciated your comments on the above.

How should I proceed?

broni · 2011/11/12

Combofix has to be run as it's one of the basic tools in my arsenal.

If something happens after running it (it does in some cases) we have other means to straight things up.

If Combofix complains about McAfee being present run it from Safe Mode.
There you can disregard any warnings.

sdculp · 2011/11/12

Since McAfee isn't malware, and apparently some of it is present and maybe even the cause of a problem, shouldn't it be removed? I wouldn't think that Combofix would remove it.

broni · 2011/11/12

You can try McAfee Removal Tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
If anything else is left we can remove it manually.

sdculp · 2011/11/15

Disaster!

As I stated before, the spare computer behaves unusually after running Combofix. This morning, I noticed that it would boot partially through the Desktop and then lock up. I was able to get it to boot properly only if I pressed the "enter" button quickly during the initial Windows repair console screen. I finally resorted to a System Restore, and this is when the disaster occurred. The blue screen of death appeared with the following message: "STOP: c000021a {Fatal System Error} The Windows Logon Process system process terminated unexpectedy with a status of 0xc0000135 (0x00000000 0x00000000). The system has been shut down.â€

The Windows repair option during bootup results in the same blue screen. The Windows repair option prevents me from getting into Safe Mode by pressing F8 during the attempted bootup. Changing the bootup devices in the BIOS is no help. There seems to be nothing I can do to avoid the blue screen.

The system is basically dead!

What do I now?

Log in or Sign up

Inactive Windows Update Problem

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

Admin. Administrator Administrator Staff

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

Share This Page

Log in or Sign up

Inactive Windows Update Problem

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

Admin. Administrator Administrator Staff

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

broni Moderator Malware Analyst

sdculp Inactive Thread Starter

Share This Page

Useful Searches