
Not enough system resources error

Discussion in 'Virus & Other Malware Removal' started by roosterlips, Dec 9, 2012.

  1. roosterlips (Thread Starter; joined May 7, 2006; messages: 17)

    PROBLEM: My PC locks up after it sits idle for an extended period of time. Receiving "not enough system resources" errors.



    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 4
    Processor Count: 1
    RAM: 1278 Mb
    Graphics Card: NVIDIA GeForce4 MX 420, 64 Mb
    Hard Drives: C: Total - 55882 MB, Free - 31814 MB; D: Total - 58580 MB, Free - 54505 MB; G: Total - 152625 MB, Free - 65673 MB;
    Motherboard: Dell Computer Corp.,
    Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:25:30 PM, on 12/9/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Motive\pcServiceHost.exe
    C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\PC Cleaners\PCCleaners.exe
    C:\Program Files\ATT-SST\pcTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.DLL
    O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PC Cleaners] "C:\Program Files\PC Cleaners\PCCleaners.exe" /minimize
    O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\refresh.exe
    O4 - Global Startup: Splash.lnk = C:\Program Files\Iomega\Tools_NT\splash.exe
    O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
    O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcServiceHost.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe

    --
    End of file - 9019 bytes




    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by John at 14:26:29 on 2012-12-09
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.365 [GMT -5:00]
    .
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Motive\pcServiceHost.exe
    C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\PC Cleaners\PCCleaners.exe
    C:\Program Files\ATT-SST\pcTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
    C:\Program Files\FastStone Capture\FastStone Capture 5.3\FSCapture.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\20.2.0.19\ips\ipsbho.dll
    BHO: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2013.2.0.18\coieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    uRun: [HP Photosmart 6510 series (NET)] "c:\program files\hp\hp photosmart 6510 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BJ4103N05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
    uRun: [93BDFB8E35BFC01D73B090163BC1144A8EF10A34._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\documents and settings\john\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\goback.lnk - c:\program files\roxio\goback\GBTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\refresh.lnk - c:\program files\iomega\tools_nt\refresh.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\splash.lnk - c:\program files\iomega\tools_nt\splash.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: $talisma_url$
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{4F75E547-432B-4673-9978-FCF0993CD342} : DHCPNameServer = 192.168.1.254
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {6809e580-a3a7-11d1-9a00-00a0c945b006} - <orphaned>
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-12-9 97440]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1402000.013\symds.sys [2012-10-28 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1402000.013\symefa.sys [2012-10-28 927904]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys [2012-10-28 134304]
    R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys [2012-10-29 134304]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1402000.013\ironx86.sys [2012-10-28 175264]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\20.2.0.19\ccsvchst.exe [2012-10-28 143928]
    R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2013.2.0.18\ccsvchst.exe [2012-10-29 143928]
    R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-19 361472]
    R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-9-19 342016]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-12-2 794272]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-11-14 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\ipsdefs\20121205.001\IDSXpx86.sys [2012-12-6 373728]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVENG.SYS [2012-12-8 92704]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.1.1.5\definitions\virusdefs\20121208.007\NAVEX15.SYS [2012-12-8 1601184]
    S2 SAVRTPEL;SAVRTPEL;\??\c:\windows\system32\drivers\savrtpel.sys --> c:\windows\system32\drivers\SAVRTPEL.SYS [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?]
    S3 SAVRT;SAVRT;\??\c:\windows\system32\drivers\savrt.sys --> c:\windows\system32\drivers\SAVRT.SYS [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-12-02 13:03:53 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-02 13:03:53 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-17 13:04:46 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-10-09 01:00:02 586400 ----a-w- c:\windows\system32\drivers\nav\1402000.013\srtsp.sys
    2012-10-04 01:40:35 927904 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symefa.sys
    2012-10-04 01:40:20 368288 ----a-w- c:\windows\system32\drivers\nav\1402000.013\symds.sys
    2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nst\7dd02000.012\ccsetx86.sys
    2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\nav\1402000.013\ccsetx86.sys
    2012-10-02 18:04:21 58368 -c--a-w- c:\windows\system32\synceng.dll
    2012-09-24 19:32:24 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-24 19:32:20 473072 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-09-24 17:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe GoBack2K.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    c:\windows\system32\drivers\GoBack2K.sys Roxio, Inc. GoBack
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A47EAB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A507D98]
    kernel: MBR read successfully
    _asm { CALL 0x56; }
    user != kernel MBR !!!
    .
    ============= FINISH: 14:27:22.56 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/19/2011 10:39:27 PM
    System Uptime: 12/9/2012 12:05:29 PM (2 hours ago)
    .
    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 55 GiB total, 31.089 GiB free.
    D: is FIXED (NTFS) - 57 GiB total, 53.228 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 149 GiB total, 64.135 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 12/9/2012 1:08:08 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Troubleshoot & Resolve Tool
    AT&T U-verse Media Share Wizard
    Audacity 1.3.14 (Unicode)
    Bing Rewards Client Installer
    Bonjour
    Coupon Printer for Windows
    Dell Driver Download Manager
    Dell ResourceCD
    Easy CD Creator 5 Basic
    EZ Vinyl/Tape Converter 7.7 by MixMeister
    FastStone Image Viewer 4.5
    FinalTorrent 2011
    Free M4a to MP3 Converter 7.0
    GoBack Personal Edition
    Hewlett-Packard ACLM.NET v1.1.0.0
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Photo Creations
    HP Photosmart 6510 series Basic Device Software
    HP Photosmart 6510 series Help
    HP Photosmart 6510 series Product Improvement Study
    HP Product Detection
    HP Update
    iLivid
    Intel(R) PRO Ethernet Adapter and Software
    Internet Explorer (Enable DEP)
    IomegaWare for Windows NT
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 37
    K-Lite Mega Codec Pack 8.1.0
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Fix it Center
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft Office 2000 Premium
    Microsoft Picture It! Photo 7.0
    Microsoft Silverlight
    Microsoft Streets and Trips 2002
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    MSXML 4.0 SP2 (KB973688)
    Norton AntiVirus
    Norton Identity Safe
    NVIDIA Display Driver
    NVIDIA Drivers
    Orb
    Orb Runtime libraries
    PC Cleaners
    PC Tools Registry Mechanic 11.1
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shockwave
    Sound Effects
    StorageSync Backup Software
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Window Shopper
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    Works Suite OS Pack
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/3/2012 9:34:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
    12/3/2012 7:43:58 AM, error: Service Control Manager [7000] - The SAVRTPEL service failed to start due to the following error: The system cannot find the file specified.
    12/3/2012 7:30:41 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    12/3/2012 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
    12/2/2012 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
    12/2/2012 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
    .
    ==== End Of File ===========================




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-12-09 17:31:08
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
    Running: oyh1kxb2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89CDAB68 ZwAlertResumeThread
    SSDT 89CDAC48 ZwAlertThread
    SSDT 89CA2C68 ZwAllocateVirtualMemory
    SSDT 89CCB5F8 ZwAssignProcessToJobObject
    SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwClose [0xF74241A0]
    SSDT 89D30A90 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB43A7ED0]
    SSDT 89CDA8B8 ZwCreateMutant
    SSDT 89CCB418 ZwCreateSymbolicLinkObject
    SSDT 89C52870 ZwCreateThread
    SSDT 89CCB6D8 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB43A8150]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB43A8810]
    SSDT 89CA2DE0 ZwDuplicateObject
    SSDT 89CA2A20 ZwFreeVirtualMemory
    SSDT GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.) ZwFsControlFile [0xF7424230]
    SSDT 89CDA9A8 ZwImpersonateAnonymousToken
    SSDT 89CDAA88 ZwImpersonateThread
    SSDT 89CFF4C0 ZwLoadDriver
    SSDT 89CA2920 ZwMapViewOfSection
    SSDT 89CDA7D8 ZwOpenEvent
    SSDT 89CA2F80 ZwOpenProcess
    SSDT 89CB16B0 ZwOpenProcessToken
    SSDT 89CCB900 ZwOpenSection
    SSDT 89CA2EB0 ZwOpenThread
    SSDT 89CCB508 ZwProtectVirtualMemory
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB43A8D80]
    SSDT 89CDAD28 ZwResumeThread
    SSDT 89CA26B0 ZwSetContextThread
    SSDT 89CA2750 ZwSetInformationProcess
    SSDT 89CCB7B8 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB43A8AA0]
    SSDT 89CDA6F8 ZwSuspendProcess
    SSDT 89CDAE08 ZwSuspendThread
    SSDT 89CB9670 ZwTerminateProcess
    SSDT 89CDAEE8 ZwTerminateThread
    SSDT 89CA2840 ZwUnmapViewOfSection
    SSDT 89CA2B10 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB90E7340, 0x121A5F, 0xF8000020]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
    ? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\John\LOCALS~1\Temp\fxdcypob.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Common Files\Motive\pcCMService.exe[1232] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Common Files\Motive\pcServiceHost.exe[1700] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1928] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1948] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00380048
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0036004C
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0038084A
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0038020E
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0038012A
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00380682
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0038059E
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003803D6
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003802F2
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [54, 88, EB, F9] {PUSH ESP; MOV BL, CH; STC }
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003804BA
    .text C:\Program Files\Roxio\GoBack\GBPoll.exe[2016] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00380766
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2268] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3012] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
    .text C:\Program Files\PC Cleaners\PCCleaners.exe[3476] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 00390A0E
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\ATT-SST\pcTrayApp.exe[3500] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\iTunes\iTunesHelper.exe[3580] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
    .text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
    .text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A0A0E
    .text C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe[4180] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs GBFSHook.SYS (GoBack File System Hook Driver/Roxio, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)

    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\Disk \Device\Harddisk1\DR2 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
    Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
    Device \Driver\Disk \Device\Harddisk2\DR3 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
    Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
    Device \Driver\Disk \Device\Harddisk3\DR6 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
    Device \Driver\Disk \Device\Harddisk4\DR18 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)
    Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+13 GoBack2K.sys (GoBack Engine Driver/Roxio, Inc.)

    AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process hidden process (*** hidden *** ) 4012
    Process hidden process (*** hidden *** ) 12920
    Process hidden process (*** hidden *** ) 43932
    Process hidden process (*** hidden *** ) 48548
    Process hidden process (*** hidden *** ) 48684
    Process hidden process (*** hidden *** ) 58908

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 216132214
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30266941
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 216444714
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-854245398-1614895754-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30266941

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab.bak 16780 bytes

    ---- EOF - GMER 1.0
     
  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Go to Control Panel - Add Or Remove Programs, then uninstall/remove

    PC Cleaners

    PC Tools Registry Mechanic 11.1


    -------------------------------------------------------

    Download and save and then install the free version of

    Malwarebytes Anti-Malware 1.65.1.1000

    SUPERAntiSpyware 5.6.0.1014

    Make sure to update their definition files during the install process.

    Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

    Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

    After they're installed and updated, restart the computer.

    Run a QUICK scan with each of them.

    When each scan is finished, select and remove EVERYTHING they found.

    Restart the computer, if prompted to, so the removal process can finish.

    Note: DON'T use the computer while each scan is in progress.

    -------------------------------------------------------
     
  3. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    What's the model name and model number of that Dell?

    What's the 7-character "service tag" number on the sticker?

    -----------------------------------------------------------------
     
  4. roosterlips

    roosterlips Thread Starter

    Joined:
    May 7, 2006
    Messages:
    17
    Model Name: Dell Dimension 8250

    Service Tag: CHXX521

    Note: Had to replace the hard drive a few years back.
    Note: Added memory a few years back.
     
  5. roosterlips

    roosterlips Thread Starter

    Joined:
    May 7, 2006
    Messages:
    17
    1. Removed PC Cleaners & PC Tools Registry Mechanic Software.
    2. Installed the free versions of Malwarebytes & SUPERAntiSpyware and ran the quick scans.
    3. Have added three attachments that indicate the scan results etc.
    4. I have not used this site often...so hopefully I have added the attachments and I'm replying correctly/effectively.

    Note: I replaced the battery (CR2032 LITHIUM) on the main board inside my computer yesterday due to the low battery warnings that I would receive at boot up every now and then.

    Anyway...At this point I guess I just wait to see if the problem goes away.

    Thanks For Your Help!
     


  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Here is the support and software site that's specific only to your Dell Dimension 8250 desktop which was purchased in December 2002.

    You might want to add and save this site in your browser favorites/bookmarks list so you can readily refer to it when needed.

    It came with 2 - 128 MB modules, so I'm guessing you added 2 - 512 MB modules to it to get 1280 MB (1.25 GB) of RAM.

    It's unfortunate that RDRAM modules are so expensive and hard to find, or else I'd suggest replacing the 128 MB modules with 512 MB modules.

    ----------------------------------------------------------
     
  7. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Let's see what the scan logs look like.

    I'm going to assume that you selected and removed EVERYTHING that was found.

    -----------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Logs" (tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------------

    Start SUPERAntiSpyware.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------------
     
  8. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    If that computer has a rootkit infection, that's beyond my expertise to help you with.

    It'll need to be dealt with by a qualified and trained gold shield removal specialist in the Virus & Other Malware Removal section.

    In many cases a rootkit infection does a lot of damage, so doing a clean reinstall of Windows XP SP3 and getting a fresh start is the best option.

    -----------------------------------------------------------
     
  9. roosterlips

    roosterlips Thread Starter

    Joined:
    May 7, 2006
    Messages:
    17
    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.23.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    John :: JOHNHOME [administrator]

    Protection: Enabled

    1/24/2012 3:26:36 AM
    mbam-log-2012-01-24 (03-26-36).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209855
    Time elapsed: 1 hour(s), 7 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\System Volume Information\_restore{432F6415-6C7F-4CB9-AAC9-659F50D951B7}\RP359\A0086183.EXE (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

    (end)

    ------------------------------------------------------

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.10.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    John :: JOHNHOME [administrator]

    12/10/2012 8:46:42 AM
    mbam-log-2012-12-10 (08-46-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197216
    Time elapsed: 7 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    --------------------------------------------------------

    2012/01/24 08:24:14 -0500 JOHNHOME MESSAGE Starting protection
    2012/01/24 08:24:23 -0500 JOHNHOME MESSAGE Protection started successfully
    2012/01/24 08:24:27 -0500 JOHNHOME MESSAGE Starting IP protection
    2012/01/24 08:24:41 -0500 JOHNHOME John MESSAGE IP Protection started successfully
    2012/01/24 09:25:55 -0500 JOHNHOME John MESSAGE Executing scheduled update: Daily
    2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE Scheduled update executed successfully: database updated from version v2012.01.23.03 to version v2012.01.24.04
    2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE Starting database refresh
    2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE Stopping IP protection
    2012/01/24 09:26:07 -0500 JOHNHOME John MESSAGE IP Protection stopped
    2012/01/24 09:26:17 -0500 JOHNHOME John MESSAGE Database refreshed successfully
    2012/01/24 09:26:17 -0500 JOHNHOME John MESSAGE Starting IP protection
    2012/01/24 09:26:28 -0500 JOHNHOME John MESSAGE IP Protection started successfully
    2012/01/24 09:39:33 -0500 JOHNHOME John MESSAGE Stopping IP protection
    2012/01/24 09:39:33 -0500 JOHNHOME John MESSAGE IP Protection stopped
    2012/01/24 09:44:22 -0500 JOHNHOME John MESSAGE Starting IP protection
    2012/01/24 09:44:29 -0500 JOHNHOME John MESSAGE IP Protection started successfully
    2012/01/24 12:34:04 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
    2012/01/24 12:34:07 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
    2012/01/24 12:34:13 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
    2012/01/24 12:34:20 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
    2012/01/24 12:34:23 -0500 JOHNHOME John IP-BLOCK 193.169.40.44 (Type: outgoing)
    2012/01/24 12:37:49 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
    2012/01/24 12:37:49 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
    2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
    2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 98.142.240.58 (Type: outgoing)
    2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 88.85.65.233 (Type: outgoing)
    2012/01/24 12:37:50 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
    2012/01/24 12:37:51 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
    2012/01/24 12:37:59 -0500 JOHNHOME John IP-BLOCK 193.169.40.34 (Type: outgoing)
    2012/01/24 12:38:01 -0500 JOHNHOME John IP-BLOCK 193.169.40.34 (Type: outgoing)
    2012/01/24 12:38:07 -0500 JOHNHOME John IP-BLOCK 193.169.40.34 (Type: outgoing)
    2012/01/24 12:40:48 -0500 JOHNHOME John IP-BLOCK 91.205.96.48 (Type: outgoing)
    2012/01/24 12:40:48 -0500 JOHNHOME John IP-BLOCK 88.85.70.137 (Type: outgoing)
    2012/01/24 12:40:49 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
    2012/01/24 12:40:49 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)
    2012/01/24 12:40:50 -0500 JOHNHOME John IP-BLOCK 94.102.48.2 (Type: outgoing)

    ----------------------------------------------------------------------------------

    2012/01/25 01:25:30 -0500 JOHNHOME MESSAGE Starting protection
    2012/01/25 01:25:39 -0500 JOHNHOME MESSAGE Protection started successfully
    2012/01/25 01:25:43 -0500 JOHNHOME MESSAGE Starting IP protection
    2012/01/25 01:25:58 -0500 JOHNHOME John MESSAGE IP Protection started successfully
    2012/01/25 02:04:15 -0500 JOHNHOME John IP-BLOCK 109.236.83.66 (Type: outgoing)
    2012/01/25 02:04:18 -0500 JOHNHOME John IP-BLOCK 109.236.83.66 (Type: outgoing)
    2012/01/25 02:04:24 -0500 JOHNHOME John IP-BLOCK 109.236.83.66 (Type: outgoing)
    2012/01/25 08:48:36 -0500 JOHNHOME John MESSAGE Stopping IP protection
    2012/01/25 08:48:36 -0500 JOHNHOME John MESSAGE IP Protection stopped
     
  10. roosterlips

    roosterlips Thread Starter

    Joined:
    May 7, 2006
    Messages:
    17
    How do I copy this post to the Virus & Other Malware Removal section, or how can I direct them to it?
     
  11. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    Read the instructions here, then submit the required logs and information.

    I've requested your thread to be moved to the "Virus & Other Malware Removal" section.

    That section is very busy, so it may take a while before a gold shield removal specialist replies.

    I'm not qualified and trained to help you in that section, so you won't be hearing from me again.

    --------------------------------------------------------------
     
Short URL to this thread: https://techguy.org/1080240