Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Not enough system resources error


(!)

roosterlips's Avatar
roosterlips roosterlips is offline
Computer Specs
Member with 17 posts.
THREAD STARTER
 
Join Date: May 2006
Experience: Advanced
09-Dec-2012, 07:51 PM #1
Not enough system resources error
PROBLEM: My PC locks up after it sets idle for and extended period of time. Receiving not enough system resource errors.



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 4
Processor Count: 1
RAM: 1278 Mb
Graphics Card: NVIDIA GeForce4 MX 420, 64 Mb
Hard Drives: C: Total - 55882 MB, Free - 31814 MB; D: Total - 58580 MB, Free - 54505 MB; G: Total - 152625 MB, Free - 65673 MB;
Motherboard: Dell Computer Corp.,
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:25:30 PM, on 12/9/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PC Cleaners] "C:\Program Files\PC Cleaners\PCCleaners.exe" /minimize
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\refresh.exe
O4 - Global Startup: Splash.lnk = C:\Program Files\Iomega\Tools_NT\splash.exe
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcServiceHost.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 9019 bytes




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by John at 14:26:29 on 2012-12-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.365 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uWindow Title = Windows Internet Explorer provided by Yahoo!
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.2.0.19\ips\ipsbho.dll
BHO: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [HP Photosmart 6510 series (NET)] "c:\program files\hp\hp photosmart 6510 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
uRun: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\documents and settings\john\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\goback.lnk - c:\program files\roxio\goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\refresh.lnk - c:\program files\iomega\tools_nt\refresh.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\splash.lnk - c:\program files\iomega\tools_nt\splash.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4F75E547-432B-4673-9978-FCF0993CD342} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6809e580-a3a7-11d1-9a00-00a0c945b006} - <orphaned>
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-12-9 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1402000.013\symds.sys [2012-10-28 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1402000.013\symefa.sys [2012-10-28 927904]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys [2012-10-28 134304]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys [2012-10-29 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1402000.013\ironx86.sys [2012-10-28 175264]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\20.2.0.19\ccsvchst.exe [2012-10-28 143928]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2013.2.0.18\ccsvchst.exe [2012-10-29 143928]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-19 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-19 342016]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-12-2 794272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-14 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\ipsdefs\20121205.001\IDSXpx86.sys [2012-12-6 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVENG.SYS [2012-12-8 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVEX15.SYS [2012-12-8 1601184]
S2 SAVRTPEL;SAVRTPEL;\??\c:\windows\system32\drivers\savrtpel.sys --> c:\windows\system32\drivers\SAVRTPEL.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
S3 SAVRT;SAVRT;\??\c:\windows\system32\drivers\savrt.sys --> c:\windows\system32\drivers\SAVRT.SYS [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-02 13:03:53 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 13:03:53 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-17 13:04:46 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-09 01:00:02 586400 ----a-w- c:\windows\system32\drivers\nav\1402000.013\srtsp.sys
2012-10-04 01:40:35 927904 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symefa.sys
2012-10-04 01:40:20 368288 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symds.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys
2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys
2012-10-02 18:04:21 58368 -c--a-w- c:\windows\system32\synceng.dll
2012-09-24 19:32:24 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe GoBack2K.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
c:\windows\system32\drivers\GoBack2K.sys Roxio, Inc. GoBack
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A47EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A507D98]
kernel: MBR read successfully
_asm { CALL 0x56; }
user != kernel MBR !!!
.
============= FINISH: 14:27:22.56 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/19/2011 10:39:27 PM
System Uptime: 12/9/2012 12:05:29 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 55 GiB total, 31.089 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 53.228 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 149 GiB total, 64.135 GiB free.
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/9/2012 1:08:08 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
AT&T U-verse Media Share Wizard
Audacity 1.3.14 (Unicode)
Bing Rewards Client Installer
Bonjour
Coupon Printer for Windows
Dell Driver Download Manager
Dell ResourceCD
Easy CD Creator 5 Basic
EZ Vinyl/Tape Converter 7.7 by MixMeister
FastStone Image Viewer 4.5
FinalTorrent 2011
Free M4a to MP3 Converter 7.0
GoBack Personal Edition
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP Photosmart 6510 series Basic Device Software
HP Photosmart 6510 series Help
HP Photosmart 6510 series Product Improvement Study
HP Product Detection
HP Update
iLivid
Intel(R) PRO Ethernet Adapter and Software
Internet Explorer (Enable DEP)
IomegaWare for Windows NT
iTunes
Java Auto Updater
Java(TM) 6 Update 37
K-Lite Mega Codec Pack 8.1.0
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Fix it Center
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 Premium
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Identity Safe
NVIDIA Display Driver
NVIDIA Drivers
Orb
Orb Runtime libraries
PC Cleaners
PC Tools Registry Mechanic 11.1
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shockwave
Sound Effects
StorageSync Backup Software
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Window Shopper
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Works Suite OS Pack
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/3/2012 9:34:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
12/3/2012 7:43:58 AM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the file specified.
12/3/2012 7:30:41 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
12/3/2012 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
12/2/2012 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
12/2/2012 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
.
==== End Of File ===========================




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-09 17:31:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: oyh1kxb2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypog.sys


---- System - GMER 1.0.15 ----

SSDT 89CDAB68 ZwAlertResumeThread
SSDT 89CDAC48 ZwAlertThread
SSDT 89CA2C68 ZwAllocateVirtualMemory
SSDT 89CCB5F8 ZwAssignProcessToJobObject
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwClose [0xF74241A0]
SSDT 89D30A90 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB43A7ED0]
SSDT 89CDA8B8 ZwCreateMutant
SSDT 89CCB418 ZwCreateSymbolicLinkObject
SSDT 89C52870 ZwCreateThread
SSDT 89CCB6D8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB43A8150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB43A8810]
SSDT 89CA2DE0 ZwDuplicateObject
SSDT 89CA2A20 ZwFreeVirtualMemory
SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwFsControlFile [0xF7424230]
SSDT 89CDA9A8 ZwImpersonateAnonymousToken
SSDT 89CDAA88 ZwImpersonateThread
SSDT 89CFF4C0 ZwLoadDriver
SSDT 89CA2920 ZwMapViewOfSection
SSDT 89CDA7D8 ZwOpenEvent
SSDT 89CA2F80 ZwOpenProcess
SSDT 89CB16B0 ZwOpenProcessToken
SSDT 89CCB900 ZwOpenSection
SSDT 89CA2EB0 ZwOpenThread
SSDT 89CCB508 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB43A8D80]
SSDT 89CDAD28 ZwResumeThread
SSDT 89CA26B0 ZwSetContextThread
SSDT 89CA2750 ZwSetInformationProcess
SSDT 89CCB7B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB43A8AA0]
SSDT 89CDA6F8 ZwSuspendProcess
SSDT 89CDAE08 ZwSuspendThread
SSDT 89CB9670 ZwTerminateProcess
SSDT 89CDAEE8 ZwTerminateThread
SSDT 89CA2840 ZwUnmapViewOfSection
SSDT 89CA2B10 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90E7340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypob.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Bonjour\mDNSResponder.exe[1948] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
.text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 00390A0E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iTunes\iTunesHelper.exe[3580] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
.text C:\Program Files\Roxio\GoBack\GBTray.exe[4460] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
.text C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe[5124] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] advapi32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe[124444] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 02B50048
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 02B5012A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 02B50594
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 02B502EE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 02B504B2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!CreateRemoteThread + 206 7C8106D2 7 Bytes JMP 02B5020C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 02B50676
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 02B503D0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 02B5083A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 02B50758
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[179756] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
.text C:\Documents and Settings\John\Desktop\oyh1kxb2.exe[331692] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs GBFSHook.SYS (GoBack File System Hook Driver/Roxio, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Disk \Device\Harddisk1\DR2 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DR3 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk3\DR6 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk4\DR18 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+13 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 4012
Process hidden process (*** hidden *** ) 12920
Process hidden process (*** hidden *** ) 43932
Process hidden process (*** hidden *** ) 48548
Process hidden process (*** hidden *** ) 48684
Process hidden process (*** hidden *** ) 58908

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 216132214
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30266941
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 216444714
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30266941

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab.bak 16780 bytes

---- EOF - GMER 1.0
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,804 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
09-Dec-2012, 11:29 PM #2
Go to Control Panel - Add Or Remove Programs, then uninstall/remove

PC Cleaners

PC Tools Registry Mechanic 11.1


-------------------------------------------------------

Download and save and then install the free version of

Malwarebytes Anti-Malware 1.65.1.1000

SUPERAntiSpyware 5.6.0.1014

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

After they're installed and updated, restart the computer.

Run a QUICK scan with each of them.

When each scan is finished, select and remove EVERYTHING they found.

Restart the computer, if prompted to, so the removal process can finish.

Note: DON'T use the computer while each scan is in progress.

-------------------------------------------------------
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,804 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
09-Dec-2012, 11:30 PM #3
What's the model name and model number of that Dell?

What's the 7-character "service tag" number on the sticker?

-----------------------------------------------------------------
roosterlips's Avatar
roosterlips roosterlips is offline
Computer Specs
Member with 17 posts.
THREAD STARTER
 
Join Date: May 2006
Experience: Advanced
10-Dec-2012, 09:03 AM #4
Model and Service Tag
Model Name: Dell Dimension 8250

Service Tag: CHXX521

Note: Had to replace the hard drive a few years back.
Note: Added memory a few years back.
roosterlips's Avatar
roosterlips roosterlips is offline
Computer Specs
Member with 17 posts.
THREAD STARTER
 
Join Date: May 2006
Experience: Advanced
10-Dec-2012, 10:39 AM #5
Have Performed Corrective Action Requested
1. Removed PC Cleaners & PC Tools Registry Mechanic Software.
2. Installed the free versions of Malwarebytes & SUPERAntiSpyware and ran the quick scans.
3. Have added three attachments that indicate the scan results etc.
4. I have not used this site often...so hopefully I have added the attachments and I'm replying correctly/effectively.

Note: I replaced the battery(CR2032 LITHIUM) on the main board inside my computer yesterday due to the low battery warnings that I would receive at boot up every now and then.

Anyway...At this point I guess I just wait to see if the problem goes away.

Thanks For Your Help!
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,804 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
10-Dec-2012, 11:03 AM #6
Quote:
Originally Posted by roosterlips View Post
Model Name: Dell Dimension 8250

Service Tag: CHXX521

Note: Had to replace the hard drive a few years back.
Note: Added memory a few years back.
Here is the support and software site that's specific only to your Dell Dimension 8250 desktop which was purchased in December 2002.

You might want to add and save this site in your browser favorites/bookmarks list so you can readily refer to it when needed.

It came with 2 - 128 MB modules, so I'm guessing you added 2 - 512 MB modules to it to get 1280 MB(1.25 GB) of RAM.

It's unfortunate that RDRAM modules are so expensive and hard to find, or else I'd suggest replacing the 128 MB modules with 512 MB modules.

----------------------------------------------------------
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,804 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
10-Dec-2012, 11:08 AM #7
Let's see what the scan logs look like.

I'm going to assume that you selected and removed EVERYTHING that was found.

-----------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------

Start SUPERAntiSpyware.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,804 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
10-Dec-2012, 11:13 AM #8
If that computer has a rootkit infection, that's beyond my expertise to help you with.

It'll need to be dealt with by a qualified and trained gold shield removal specialist in the Virus & Other Malware Removal section.

In many cases a rootkit infection does a lot of damage, so doing a clean reinstall of Windows XP SP3 and getting a fresh start is the best option.

-----------------------------------------------------------
roosterlips's Avatar
roosterlips roosterlips is offline
Computer Specs
Member with 17 posts.
THREAD STARTER
 
Join Date: May 2006
Experience: Advanced
11-Dec-2012, 06:25 AM #9
Sorry for the delay...Log files pasted.
Quote:
Originally Posted by flavallee View Post
Let's see what the scan logs look like.

I'm going to assume that you selected and removed EVERYTHING that was found.

-----------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2012 at 09:04 AM

Application Version : 5.6.1014

Core Rules Database Version : 9713
Trace Rules Database Version: 7525

Scan type : Quick Scan
Total Scan Time : 00:05:21

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 527
Memory threats detected : 0
Registry items scanned : 32826
Registry threats detected : 1
File items scanned : 6615
File threats detected : 54

Adware.Tracking Cookie
C:\Documents and Settings\John\Cookies\TKJKK93K.txt [ /yieldmanager.net ]
C:\Documents and Settings\John\Cookies\C1CSAPRD.txt [ /liveperson.net ]
C:\Documents and Settings\John\Cookies\VXFK20AW.txt [ /revsci.net ]
C:\Documents and Settings\John\Cookies\HB68GNGG.txt [ /mediaplex.com ]
C:\Documents and Settings\John\Cookies\AX4Y49BW.txt [ /atwola.com ]
C:\Documents and Settings\John\Cookies\CG1Y29J6.txt [ /xiti.com ]
C:\Documents and Settings\John\Cookies\9KPEMFEP.txt [ /specificclick.net ]
C:\Documents and Settings\John\Cookies\1JYCHN49.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\John\Cookies\UKJ3VK06.txt [ /doubleclick.net ]
C:\Documents and Settings\John\Cookies\1MHB6E96.txt [ /gostats.com ]
C:\Documents and Settings\John\Cookies\3N082H5G.txt [ /dmtracker.com ]
C:\Documents and Settings\John\Cookies\8KE5MEQN.txt [ /advertising.com ]
C:\Documents and Settings\John\Cookies\8UBXRM3O.txt [ /pointroll.com ]
C:\Documents and Settings\John\Cookies\1CMRT5FO.txt [ /steelhousemedia.com ]
C:\Documents and Settings\John\Cookies\EM3I28AF.txt [ /a1.interclick.com ]
C:\Documents and Settings\John\Cookies\4DARUMI0.txt [ /tacoda.net ]
C:\Documents and Settings\John\Cookies\0ZPZ9BSW.txt [ /tribalfusion.com ]
C:\Documents and Settings\John\Cookies\USJ0KOYC.txt [ /www.googleadservices.com ]
C:\Documents and Settings\John\Cookies\8ABRAB7H.txt [ /gntbcstglobal.112.2o7.net ]
C:\Documents and Settings\John\Cookies\C1JMTXBU.txt [ /zedo.com ]
C:\Documents and Settings\John\Cookies\WOFND0ZH.txt [ /2o7.net ]
C:\Documents and Settings\John\Cookies\TVYI9BCU.txt [ /ads.pointroll.com ]
C:\Documents and Settings\John\Cookies\WLWF9AOG.txt [ /burstnet.com ]
C:\Documents and Settings\John\Cookies\Z0P83SLI.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\John\Cookies\YGPPR2V6.txt [ /collective-media.net ]
C:\Documents and Settings\John\Cookies\NTZEWO8D.txt [ /casalemedia.com ]
C:\Documents and Settings\John\Cookies\CLE4BRQU.txt [ /imrworldwide.com ]
C:\Documents and Settings\John\Cookies\B5VGJJGC.txt [ /ru4.com ]
C:\Documents and Settings\John\Cookies\B13J166J.txt [ /www.googleadservices.com ]
C:\Documents and Settings\John\Cookies\SC83SBTN.txt [ /at.atwola.com ]
C:\Documents and Settings\John\Cookies\31RSLE9C.txt [ /atdmt.com ]
C:\Documents and Settings\John\Cookies\UF79JU15.txt [ /c.atdmt.com ]
C:\Documents and Settings\John\Cookies\NPIV0594.txt [ /insightexpressai.com ]
C:\Documents and Settings\John\Cookies\BY2M8Z4N.txt [ /serving-sys.com ]
C:\Documents and Settings\John\Cookies\03WLZREM.txt [ /fep.careenhance.com ]
C:\Documents and Settings\John\Cookies\NFHBO1A0.txt [ /adbrite.com ]
C:\Documents and Settings\John\Cookies\PYNFEFOP.txt [ /ads.fdma-media.com ]
C:\Documents and Settings\John\Cookies\POFFO38R.txt [ /apmebf.com ]
C:\Documents and Settings\John\Cookies\JVOUVUCL.txt [ /interclick.com ]
C:\Documents and Settings\John\Cookies\H0C5WXS3.txt [ /questionmarket.com ]
C:\Documents and Settings\John\Cookies\GJ056JP4.txt [ /liveperson.net ]
C:\Documents and Settings\John\Cookies\PHEFHQSV.txt [ /t.pointroll.com ]
C:\Documents and Settings\John\Cookies\YT6VDZW4.txt [ /lasikplus.122.2o7.net ]
C:\Documents and Settings\John\Cookies\S8QKAJHW.txt [ /mm.chitika.net ]
C:\Documents and Settings\John\Cookies\MCNNAXGB.txt [ /media6degrees.com ]
C:\Documents and Settings\John\Cookies\J23M6C1J.txt [ /kontera.com ]
C:\Documents and Settings\John\Cookies\PE0T5FML.txt [ /ar.atwola.com ]
C:\Documents and Settings\John\Cookies\123Y1PW5.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\John\Cookies\HM3OLWAN.txt [ /webstats.aetna.com ]
C:\Documents and Settings\John\Cookies\0G25Y20W.txt [ /c1.atdmt.com ]
C:\Documents and Settings\John\Cookies\GSGMR1CC.txt [ /invitemedia.com ]
C:\Documents and Settings\John\Cookies\37LWTSLG.txt [ /microsoftsto.112.2o7.net ]
C:\Documents and Settings\John\Cookies\M5GTV2IC.txt [ /ad.360yield.com ]
C:\Documents and Settings\John\Cookies\7I7CBTN1.txt [ /px.steelhousemedia.com ]

Adware.EpicPlay
HKU\S-1-5-21-854245398-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}


Start SUPERAntiSpyware.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John :: JOHNHOME [administrator]

Protection: Enabled

1/24/2012 3:26:36 AM
mbam-log-2012-01-24 (03-26-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209855
Time elapsed: 1 hour(s), 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{432F6415-6C7F-4CB9-AAC9-659F50D951B7}\RP359\A0086183.EXE (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

------------------------------------------------------

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John :: JOHNHOME [administrator]

12/10/2012 8:46:42 AM
mbam-log-2012-12-10 (08-46-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197216
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------

2012/01/24 08:24:14 -0500 JOHNHOME MESSAGE Starting protection
2012/01/24 08:24:23 -0500 JOHNHOME MESSAGE Protection started successfully
2012/01/24 08:24:27 -0500 JOHNHOME MESSAGE Starting IP protection
2012/01/24 08:24:41 -0500 JOHNHOME John MESSAGE IP Protection started successfully
2012/01/24 09:25:55 -0500 JOHNHOME John MESSAGE Executing scheduled update: Daily
2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE Scheduled update executed successfully: database updated from version v2012.01.23.03 to version v2012.01.24.04
2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE Starting database refresh
2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE Stopping IP protection
2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE IP Protection stopped
2012/01/24 09:26:17 -0500 JOHNHOME John MESSAGE Database refreshed successfully
2012/01/24 09:26:17 -0500 JOHNHOME John MESSAGE Starting IP protection
2012/01/24 09:26:28 -0500 JOHNHOME John MESSAGE IP Protection started successfully
2012/01/24 09:39:33 -0500 JOHNHOME John MESSAGE Stopping IP protection
2012/01/24 09:39:33 -0500 JOHNHOME John MESSAGE IP Protection stopped
2012/01/24 09:44:22 -0500 JOHNHOME John MESSAGE Starting IP protection
2012/01/24 09:44:29 -0500 JOHNHOME John MESSAGE IP Protection started successfully
2012/01/24 12:34:04 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
2012/01/24 12:34:07 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
2012/01/24 12:34:13 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
2012/01/24 12:34:20 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
2012/01/24 12:34:23 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
2012/01/24 12:37:49 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
2012/01/24 12:37:49 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 98.142.240.58 (Type: outgoing)
2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 88.85.65.233 (Type: outgoing)
2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
2012/01/24 12:37:51 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
2012/01/24 12:37:59 -0500 JOHNHOME John IP-BLOCK 193.169.40.34 (Type: outgoing)
2012/01/24 12:38:01 -0500 JOHNHOME John IP-BLOCK 193.169.40.34 (Type: outgoing)
2012/01/24 12:38:07 -0500 JOHNHOME John IP-BLOCK 193.169.40.34 (Type: outgoing)
2012/01/24 12:40:48 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
2012/01/24 12:40:48 -0500 JOHNHOME John IP-BLOCK 88.85.70.137 (Type: outgoing)
2012/01/24 12:40:49 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
2012/01/24 12:40:49 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
2012/01/24 12:40:50 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)

----------------------------------------------------------------------------------

2012/01/25 01:25:30 -0500 JOHNHOME MESSAGE Starting protection
2012/01/25 01:25:39 -0500 JOHNHOME MESSAGE Protection started successfully
2012/01/25 01:25:43 -0500 JOHNHOME MESSAGE Starting IP protection
2012/01/25 01:25:58 -0500 JOHNHOME John MESSAGE IP Protection started successfully
2012/01/25 02:04:15 -0500 JOHNHOME John IP-BLOCK 109.236.83.66 (Type: outgoing)
2012/01/25 02:04:18 -0500 JOHNHOME John IP-BLOCK 109.236.83.66 (Type: outgoing)
2012/01/25 02:04:24 -0500 JOHNHOME John IP-BLOCK 109.236.83.66 (Type: outgoing)
2012/01/25 08:48:36 -0500 JOHNHOME John MESSAGE Stopping IP protection
2012/01/25 08:48:36 -0500 JOHNHOME John MESSAGE IP Protection stopped
roosterlips's Avatar
roosterlips roosterlips is offline
Computer Specs
Member with 17 posts.
THREAD STARTER
 
Join Date: May 2006
Experience: Advanced
11-Dec-2012, 06:40 AM #10
Quote:
Originally Posted by flavallee View Post
If that computer has a rootkit infection, that's beyond my expertise to help you with.

It'll need to be dealt with by a qualified and trained gold shield removal specialist in the Virus & Other Malware Removal section.

In many cases a rootkit infection does a lot of damage, so doing a clean reinstall of Windows XP SP3 and getting a fresh start is the best option.

-----------------------------------------------------------
How do I copy this post to the virus & other malware removal section Or how can I direct them to it?
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,804 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
11-Dec-2012, 10:20 AM #11
Read the instructions here, then submit the required logs and information.

I've requested your thread to be moved to the "Virus & Other Malware Removal" section.

That section is very busy, so it may take awhile before a gold shield removal specialist replies.

I'm not qualified and trained to help you in that section, so you won't be hearing from me again.

--------------------------------------------------------------
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑