I think I am infected with an awful virus

By Elvira1
Oct 11, 2012
  1. My laptop has been extremely slow. I have a Dell Latitude D630 with Windows XP and had a virus a few months back. I thought I got rid of it, but now I don't think that is the case. I'm in desperate need of help and would greatly appreciate any assistance you can offer.

    I have Advanced System Care Pro on my system, and when I scan with it, it shows at the bottom of the screen that it's actively scanning things like the following (on my computer), although these findings are never displayed in the final scan results:
    • Vundo
    • Trojan.Win32
    • Backdoor.defrauder
    • Generic Keylogger
    • Trojan Dropper
    I also have Malwarebytes Pro on my system as of the last week or so, which includes real-time scanning. It has blocked a few outgoing problems when I was on a Google search page. Could this mean that I have been intruded with spyware as well?

    Here are some entries that I found suspicious:
    Suspicious Files, location: C:\WINDOWS
    • hookdllX.dll
    • hookdll
    • i4k2f4c5y4aqh4 - (hidden file, listed twice)
    • invcol.tmp
    • setup.iss
    • f1npf1cdtru5e1 (hidden file)
    • eSellerateControl350.dll
    • eSellerateEngine.dll
    Suspicious Registry Entries:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ScsiPort\SpecialTargetList\WormYAMAHA__CDR100__________

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ScsiPort\SpecialTargetList\WormYAMAHA__CDR102__________

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Sapilayr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\MSIMTF

    HKEY_LOCAL_MACHINE\SOFTWARE\Bunndle

    HKEY_LOCAL_MACHINE\SOFTWARE\BcmSetup

    HKEY_LOCAL_MACHINE\SOFTWARE\BlackBox

    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates

    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Suite Personal

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations

    http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s

    http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

    %SystemRoot%\system32\SHELL32.dll,4

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files

    updmoney.exe

    Ayarla.exe

    evanims

    Felrak.exe

    hs\media\y\11399\11399_cd_fp.jpg

    hs\media\y\9951\9951_cd_fp.jpg

    hs\media\y\9953\9953_cd_fp.jpg

    hs\media\y\9964\9964_cd_fp.jpg

    hs\media\y\9968\9968_cd_fp.jpg

    Imposta.exe

    KUR.exe

    sfc2.ico

    Y?kle*

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\MusicFilesContentSniffer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\PicturesContentSniffer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer

    HKEY_LOCAL_MACHINE\SOFTWARE\Swearware

    C:\Program Files\Complitly\chrome\ComplitlyChrome.crx

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\gencdrom

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\HAL\CStateHacks

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\zclientm.exe

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppPatches\WISE0001

    \Device\MailSlot

    Thank you so much for your help with this.
    Thank you,

    Elvira1
  2. Elvira1


    Here's my Malwarebytes log. I took my computer username off of the log.

    Thanks for any help you can offer.

    Malwarebytes Anti-Malware (PRO) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.11.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    DELLD630 [administrator]

    Protection: Disabled

    10/11/2012 1:11:41 AM
    mbam-log-2012-10-11 (01-11-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 217053
    Time elapsed: 20 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  3. Elvira1


    Here's the first half of my Gmer log. Thanks again for your help.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-11 00:50:09
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9120817AS rev.3.ADB
    Running: zxtgu78c.exe; Driver: C:\DOCUME~1\LEAHJE~1\LOCALS~1\Temp\kwwdruod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB54B8708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB55637C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB54B911C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB54FA401]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB54C3F28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB54C3F74]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB54C40F6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB54F9DB5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB54C3E96]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB54C3FB8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB54C3EDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB54B9310]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB54C40B0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB54B9A9C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB54B8756]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB54FAAC7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB54FAD7D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB54BD0E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB54FA932]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB54FA79D]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB55638AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB54B83BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB54B87A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB54BD456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB54BA464]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB54C3F52]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB54C3F96]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB54C411A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB54FA111]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB54C3EBC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB54BCC5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB54C403A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB54C3F06]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB54BCE8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB54C40D4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB5563A2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB54FA618]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB54BA330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB54FA46A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB54B9EDA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB556F30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB54F9428]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB54B87F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB54B8840]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB54B991C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB54B8448]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB54B85F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB54FABCE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB54B859E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB54B9BFE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB54B9D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB54B8668]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB54B9632]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB54B9794]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB54B888E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB54B9160]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB557B966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [F2, 87, 4B, B5, 40, 88, 4B, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [FE, 9B, 4B, B5, 5A, 9D, 4B, ...]
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B54BAAF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B5578806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B557A320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B557B96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6FD93C0, 0x9B04FA, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B54BEA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B54BE95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B54BE918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP B54BDFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP B54BD6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP B54BEBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP B54BEDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP B54BE81E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP B54BD5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP B54BE08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP B54BDB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP B54BDE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP B54BD592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP B54BE9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP B54BDC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP B54BDDC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP B54BE0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP B54BEB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP B54BED3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP B54BDFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP B54BD756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP B54BD866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP B54BD93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP B54BDA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP B54BD48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP B54BDFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP B54BD682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP B54BD812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP B54BDF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP B54BEC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\spoolsv.exe[344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\SCardSvr.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\SCardSvr.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATE.EXE[484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\csrss.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[1132] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  4. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Here's the last part of my GMER log. Thanks for your help with this.


    .text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[1224] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005D1014
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005D0804
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005D0A08
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005D0C0C
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005D0E10
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005D01F8
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005D03FC
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005D0600
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005E0804
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005E0A08
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005E0600
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005E01F8
    .text C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe[1336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005E03FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe[1616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1984] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\PMonitor.exe[2128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\alg.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[2640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[2640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Documents and Settings\leahjewel\Desktop\zxtgu78c.exe[2860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\leahjewel\Desktop\zxtgu78c.exe[2860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[3368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00751014
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00750804
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00750A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00750C0C
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00750E10
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007501F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007503FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00750600
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00760804
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00760A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00760600
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007601F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe[4076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007603FC

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\WINDOWS\system32\services.exe[1208] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[1208] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
  5. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Here's the attach.txt log from dds.com. Thanks for your help.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/19/2012 2:37:56 PM
    System Uptime: 10/10/2012 10:56:55 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0WM416
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1575/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 69.729 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Acoolsoft PPT to Video Pro 3.2.8
    Adobe Acrobat 7.0 Standard - English, Français, Deutsch
    Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Advanced SystemCare 5
    ALPass
    ALTools Update
    Apple Application Support
    Apple Software Update
    Art Effects for PDR10
    Auto Updater 1.2.0.1
    avast! Free Antivirus
    BluffTitler
    Boris Graffiti for Corel
    Broadcom ASF Management Applications
    Broadcom Gigabit Integrated Controller
    C3D
    C3DHelp
    CCleaner
    Conexant HDA D330 MDC V.92 Modem
    Contents
    ConvertHelper 2.2
    Corel MotionStudio 3D 1.0
    Corel Painter 12
    Corel Painter 12 - IPM
    Corel VideoStudio Pro Title Pack
    Corel VideoStudio Pro X5
    CyberLink PowerDirector 10
    CyberLink WaveEditor
    Dell Resource CD
    DivX Setup
    DW WLAN Card Utility
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    ICA
    IconHandler 32 bit
    IntelliSonic Speech Enhancement
    IPM_C3D
    IPM_VS_Pro
    ISCOM
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    K-Lite Mega Codec Pack 8.8.0
    Lexmark 9500 Series
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WinUsb 1.0
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyFreeCodec
    NewBlue Titler EX for Corel VSX5
    Noise Reduction Plug-in 2.0i
    NVIDIA Control Panel 296.88
    NVIDIA Graphics Driver 296.88
    NVIDIA Install Application
    NVIDIA nView 136.28
    OneStop Video Converter 1.9
    Oz776 SCR Driver V1.1.4.2
    Painter 12 - Content
    Painter 12 - Core
    Painter 12 - EN
    Painter 12 - Painter
    Painter 12 - Setup Files
    PhotoFiltre Studio X
    PowerDVD DX
    Presto! Forms 3.60.10
    Presto! PageManager 7.12.20
    proDAD Heroglyph 2.5
    proDAD Mercalli 2.0
    proDAD Route 4.0
    proDAD Vitascene 2.0
    QuickTime
    RarZilla Free Unrar
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Setup
    Share
    SigmaTel Audio
    Smart Defrag 2
    SmartSound Common Data
    SmartSound Quicktracks 5
    Sound Forge Pro 10.0
    TouchChip USB Driver 2.6
    Turn Off the Lights IE Extension version 1.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    VSClassic
    VSHelp
    VSPro
    WavePad Sound Editor
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2012 2:46:21 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
    10/8/2012 9:26:58 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/8/2012 9:26:58 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/8/2012 9:26:21 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    10/8/2012 10:33:20 AM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    10/7/2012 2:01:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/7/2012 12:06:34 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/6/2012 11:40:49 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library JetFlash Transcend 2GB USB Device.
    10/5/2012 10:14:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdoCATSCustConnectService service to connect.
    10/5/2012 10:14:47 PM, error: Service Control Manager [7000] - The lxdoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/10/2012 6:11:23 PM, error: NetDDE [206] - Listen failed: 15:
    .
    ==== End Of File ===========================
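A triage sketch for the Event Viewer section of the log above, added here as an example (it is not part of the original post or of the DDS tool): it parses each line, orders the events by their real timestamps, and groups the Service Control Manager errors by the service that actually failed. The function names are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Copied from the "Event Viewer Messages From Past Week" section of the log above.
SAMPLE = """
10/9/2012 2:46:21 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
10/8/2012 9:26:58 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/8/2012 9:26:58 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/8/2012 9:26:21 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
10/8/2012 10:33:20 AM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
10/7/2012 2:01:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/7/2012 12:06:34 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/6/2012 11:40:49 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library JetFlash Transcend 2GB USB Device.
10/5/2012 10:14:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdoCATSCustConnectService service to connect.
10/5/2012 10:14:47 PM, error: Service Control Manager [7000] - The lxdoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2012 6:11:23 PM, error: NetDDE [206] - Listen failed: 15:
"""

# One log line: "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Service Control Manager message shapes, keyed by event ID.
DEPENDS_RE = re.compile(
    r"^The (?P<service>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
START_RES = {
    7000: re.compile(r"^The (?P<service>.+?) service failed to start"),
    7009: re.compile(r"waiting for the (?P<service>.+?) service to connect"),
    7022: re.compile(r"^The (?P<service>.+?) service hung on starting"),
}
DISABLED_HINT = "because it is disabled or because it has no enabled devices"


def parse_events(text):
    """Return the events as dicts, oldest first; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    # The log is not chronological (the 10/10 entry is listed last), so sort on parsed time.
    return sorted(events, key=lambda ev: ev["ts"])


def triage(events):
    """Group SCM errors by root cause; everything else is listed as source/event-id."""
    disabled = defaultdict(set)   # disabled dependency -> services that could not start
    failures = defaultdict(set)   # service -> SCM event IDs reporting a failed start
    other = []
    for ev in events:
        eid, msg, match = ev["event_id"], ev["message"], None
        if ev["source"] == "Service Control Manager":
            if eid == 7001 and DISABLED_HINT in msg:
                match = DEPENDS_RE.match(msg)
                if match:
                    disabled[match["dep"]].add(match["service"])
            elif eid in START_RES:
                match = START_RES[eid].search(msg)
                if match:
                    failures[match["service"]].add(eid)
        if match is None:
            other.append(f'{ev["source"]}/{eid}')
    return {
        "disabled_dependencies": {k: sorted(v) for k, v in disabled.items()},
        "start_failures": {k: sorted(v) for k, v in failures.items()},
        "other": other,
    }


if __name__ == "__main__":
    for section, items in triage(parse_events(SAMPLE)).items():
        print(section, items)
```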
  6. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    And last, but not least, here's my dds.txt file. I uploaded and zipped it since the system informed me that it was just too large. Thanks for helping me with this. I have no idea about these things.

    Attached Files:

    • dds.zip (210.3 KB)
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    I'm sorry I took so long. I had trouble downloading combofix. I finally got it to work. My computer is also extremely slow to boot up and to load Firefox and Internet Explorer now. It seems that this started after running the scans yesterday. It seems to be even slower than before.

    I've uploaded my combofix log and I removed my personally identifiable details.

    Thanks for all your help. I think my computer is dying.

    Attached Files:

  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I don't know why the ComboFix involved so much information, as it doesn't normally do that.

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    AdwCleaner

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  10. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Here is my TDSSKiller log. Unfortunately, I was not given the option to click "Cure" so I Skipped, Continued, and Rebooted. I've zipped and uploaded the results. Now, I shall run the AdwCleaner tool.

    Thanks again for ALL of your help. I would be at a TOTAL loss without it.

    Attached Files:

  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Good work!

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  12. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    I tried to download AdwCleaner, but the download said it was unsafe.

    My computer is constantly monitored by MalwareBytes and it found Hijack.comsysapp and cleaned it two days in a row, so it must be coming back, but I still have System Restore disabled on my machine.

    My machine boots up extremely slowly and takes a very long time for the Internet to load, whether it's IE or Firefox.

    I'm running ESET now.
  13. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Also, yesterday before I started running these scans when I tried to boot up my computer, it showed weird shape and colors, gibberish on the screen. I forced it closed and later restarted.
  14. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    The ESET scanner took 7 whole hours, but showed that I had no problems.
  15. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Avast Antivirus detected a trojan on my system, located here: C:\DOCUME~1\LEAHJE~1\LOCALS~1\temp\nsa32.tmp\ns33.tmp

    It asked if I wanted to deny it. I clicked "Deny."
  16. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    I was able to download and run ADWCleaner and it didn't find anything. This was before Avast found the Backdoor trojan, ns33.tmp on my system. After I told Avast to deny it, about a half hour later, I went to my C drive to upload the results of ADWCleaner here, I noticed that they were not there. They were there earlier because I checked. The program was also gone from my desktop and I did not uninstall it. Weird! The next thing I knew, I was getting the message from Avast that I had the trojan.
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's search deeper then...

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    • Click the Run Scan button. The scan will not take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  18. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Thanks so much for sticking with me on this. I appreciate your help so much. I will run OTL now. By the way, should I uninstall Combofix, TDSSKiller, and Gmer via Add/Remove Programs, or is there a special way to do it? I did uninstall ESET via the ESET uninstaller, as per your instructions after scanning with it.
  19. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Also, I do notice very high CPU, from 83-100 percent at different times, with just the browser running.
  20. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    I'm attempting to run OTL but it is just frozen. It does say that it is running but it has been a long time.
  21. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    My OTL.Txt log had too many characters, so I'll have to upload it, unfortunately.

    Attached Files:

    • OTL.Txt (211.8 KB)
  22. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Here's my Extras.Txt log (I uploaded it also, since it displayed weird smiley faces):

    OTL Extras logfile created on: 10/16/2012 11:05:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\leahjewel\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.46% Memory free
    3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.39% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 66.54 Gb Free Space | 59.52% Space Free | Partition Type: NTFS
    Drive E: | 3.76 Gb Total Space | 1.92 Gb Free Space | 51.18% Space Free | Partition Type: FAT32

    Computer Name: XANDER-DELLD630 | User Name: leahjewel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiSpywareOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Documents and Settings\leahjewel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\leahjewel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\PhotoFiltre Studio X\pfstudiox.exe" = C:\Program Files\PhotoFiltre Studio X\pfstudiox.exe:*:Disabled:photoFiltre Studio X -- (PhotoFiltre)
    "C:\Program Files\Sony\Sound Forge Pro 10.0\Forge100.exe" = C:\Program Files\Sony\Sound Forge Pro 10.0\Forge100.exe:*:Disabled:Sound Forge Pro 10.0 -- (Sony Creative Software Inc.)
    "C:\Program Files\NewBlue\Titler EX for Corel VSX5\ManageActivation.exe" = C:\Program Files\NewBlue\Titler EX for Corel VSX5\ManageActivation.exe:*:Enabled:Manage Activation -- ()
    "C:\Program Files\TitlerEx.exe" = C:\Program Files\TitlerEx.exe:*:Disabled:TitlerEx -- ()
    "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
    "C:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe" = C:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe:*:Enabled:Xvid StatsReader -- ()
    "C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe" = C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe:*:Disabled:WavePad Sound Editor -- (NCH Software)
    "C:\WINDOWS\system32\lxdocoms.exe" = C:\WINDOWS\system32\lxdocoms.exe:*:Enabled:9500 Series Server -- ( )
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe:*:Enabled:printer Status Window Interface -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdojswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdojswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\Program Files\Lexmark 9500 Series\lxdomon.exe" = C:\Program Files\Lexmark 9500 Series\lxdomon.exe:*:Enabled:printer Device Monitor -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\Program Files\Lexmark 9500 Series\lxdoFax.exe" = C:\Program Files\Lexmark 9500 Series\lxdoFax.exe:*:Enabled:Fax Solutions Software -- ()
    "C:\Program Files\Lexmark 9500 Series\frun.exe" = C:\Program Files\Lexmark 9500 Series\frun.exe:*:Enabled:printing Application -- ()
    "C:\Program Files\Corel\Corel MotionStudio 3D 1.0\MStudio.exe" = C:\Program Files\Corel\Corel MotionStudio 3D 1.0\MStudio.exe:*:Enabled:Corel MotionStudio 3D -- (Corel Corporation.)
    "C:\Program Files\Corel\Painter12\Painter 12.exe" = C:\Program Files\Corel\Painter12\Painter 12.exe:*:Enabled:Corel Painter 12 -- (Corel Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes Anti-Malware -- (Malwarebytes Corporation)
    "C:\WINDOWS\system32\lxdocfg.exe" = C:\WINDOWS\system32\lxdocfg.exe:*:Enabled:printer Communication System -- ( )
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Lexmark 9500 Series\Wireless\lxdowpss.exe" = C:\Program Files\Lexmark 9500 Series\Wireless\lxdowpss.exe:*:Enabled: -- (Lexmark International, Inc.)
    "C:\Program Files\Apple Software Update\SoftwareUpdate.exe" = C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Enabled:SoftwareUpdate.exe -- (Apple Inc.)
    "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTimePlayer.exe -- (Apple Inc.)
    "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:DivXUpdate.exe -- ()
    "C:\Program Files\CyberLink\PowerDirector10\PDR10.exe" = C:\Program Files\CyberLink\PowerDirector10\PDR10.exe:*:Disabled:CyberLink PowerDirector 10 -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\WaveEditor\WaveEditor.exe" = C:\Program Files\CyberLink\WaveEditor\WaveEditor.exe:*:Disabled:WaveEditor -- (Cyberlink)
    "C:\Documents and Settings\leahjewel\Desktop\ComboFix.exe" = C:\Documents and Settings\leahjewel\Desktop\ComboFix.exe:*:Enabled:ComboFix.exe -- (Swearware)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Pro X5
    "_{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Corel Painter 12
    "_{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = Corel MotionStudio 3D 1.0
    "{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
    "{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
    "{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
    "{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Painter 12 - Setup Files
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F57FEF3-3E49-4252-B977-B98D3A7C89D0}" = Corel VideoStudio Pro Title Pack
    "{2333E82C-E577-4982-B60F-80C74BA69A07}" = Corel Painter 12 - IPM
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
    "{2DD67752-A84F-493D-884B-A857CEE14A88}" = Corel VideoStudio Pro Title Pack
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{34560654-E7ED-4D0C-B75B-C2DD243A3860}" = Corel VideoStudio Pro Title Pack
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{44FDF3F0-9DEF-46A6-A552-404BBF55451B}" = Painter 12 - Core
    "{466B8FC6-8D80-4DA1-BA2D-EC7094BD3C31}" = Corel VideoStudio Pro Title Pack
    "{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{5BB655D4-07D7-45E3-B852-FF869EA628A1}" = VSPro
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{777705B9-E6F6-44B4-BAA1-48E70ACE1740}" = C3D
    "{7777A2E0-3F99-4F4A-8BF1-507C04C45CD6}" = IPM_C3D
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
    "{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{954BB3CF-85A5-11E1-B657-005056C00008}" = MSVCRT Redists
    "{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5CB0BC7-9553-420D-A3CD-D3C59FB99872}" = Painter 12 - EN
    "{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
    "{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.88
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.88
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BBEB33B4-4F84-460E-9441-A18104F01C68}" = C3DHelp
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
    "{C500336C-6EEA-49BF-8614-CCFF12E5628F}" = Setup
    "{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = ICA
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
    "{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
    "{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
    "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECE53F21-5528-4DC5-AA9D-A0D1BFB5EB31}_is1" = Turn Off the Lights IE Extension version 1.0.1
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
    "{F2776738-1A97-45F2-BE5A-DBBC66ACB9D4}" = Painter 12 - Painter
    "{FBAAC4C8-D5ED-4308-9FC6-84E44E392395}" = Painter 12 - Content
    "7-Zip" = 7-Zip 9.20
    "Acoolsoft PPT to Video Pro_is1" = Acoolsoft PPT to Video Pro 3.2.8
    "Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced SystemCare 5_is1" = Advanced SystemCare 5
    "ALPass_is1" = ALPass
    "ALUpdate_is1" = ALTools Update
    "AutoUpdater_is1" = Auto Updater 1.2.0.1
    "avast" = avast! Free Antivirus
    "BluffTitler" = BluffTitler
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "DivX Setup" = DivX Setup
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.8.0
    "Lexmark 9500 Series" = Lexmark 9500 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NewBlue Art Effects for PDR10" = Art Effects for PDR10
    "NewBlue Titler EX for Corel VSX5" = NewBlue Titler EX for Corel VSX5
    "OneStop Video Converter PRO_is1" = OneStop Video Converter 1.9
    "proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
    "proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
    "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
    "proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RarZilla Free Unrar" = RarZilla Free Unrar
    "Smart Defrag 2_is1" = Smart Defrag 2
    "WavePad" = WavePad Sound Editor
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MyFreeCodec" = MyFreeCodec
    "PhotoFiltre Studio X" = PhotoFiltre Studio X

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/9/2012 10:59:51 PM | Computer Name = XANDER-DELLD630 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 10/10/2012 1:24:47 PM | Computer Name = XANDER-DELLD630 | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 10/10/2012 7:16:30 PM | Computer Name = XANDER-DELLD630 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module msxml3.dll, version 8.100.1053.0, fault address 0x000a1465.

    Error - 10/11/2012 8:44:15 PM | Computer Name = XANDER-DELLD630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 10/12/2012 12:05:10 AM | Computer Name = XANDER-DELLD630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 10/12/2012 11:29:35 AM | Computer Name = XANDER-DELLD630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 10/14/2012 9:10:25 AM | Computer Name = XANDER-DELLD630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 10/15/2012 12:27:18 AM | Computer Name = XANDER-DELLD630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 10/15/2012 3:27:21 AM | Computer Name = XANDER-DELLD630 | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 10/15/2012 11:55:03 PM | Computer Name = XANDER-DELLD630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
    Description =

    [ System Events ]
    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:32:36 PM | Computer Name = XANDER-DELLD630 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service SENS with arguments
    "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    Error - 10/16/2012 9:33:15 PM | Computer Name = XANDER-DELLD630 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 10/16/2012 9:33:15 PM | Computer Name = XANDER-DELLD630 | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053


    < End of report >


  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hang on before clearing anything...

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon):
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
  24. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    I tried OTL fix, but it didn't work. I let it run for a couple of hours. It never shut down the computer and just froze up. I forced my computer to close, rebooted and tried again. The second time, it continued to show the desktop, unlike the first time, but after a long time, froze again. I forced my computer to close again and got the blue screen of death. Now, I'll run Kaspersky Virus Removal Tool.
  25. Elvira1

    Elvira1 Newcomer, in training Topic Starter Posts: 34

    Here's the log from Kaspersky Virus Removal Tool. The scan actually took all night long. I was not able to click "Disinfect."

    Status: Vulnerability (events: 2)
    10/18/2012 5:26:06 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 File C:\Program Files\Java\jre7\bin\ java.exe Low
    10/18/2012 7:08:20 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/0 File C:\WINDOWS\system32\ msxml4.dll Low

