Tech Support Forum - Resolved HJT Threads
#1

Human Individual
Join Date: May 2006
Location: Manhattan
Posts: 2,837
OS: WXP Home, WXP Pro

Is This OK?

Hi,

Re this thread: Rootkit Freeware?? a fellow member suggested I post current HJT log. And so, I am, and thank U for perusing it.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:16 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Jill

__________________
The real voyage of discovery consists not in seeking new landscapes, but in having new eyes. Marcel Proust
It ain't where you go, it's where you're coming from. Jill
Last edited by Ariesjill : 02-05-2007 at 08:46 PM.
#2

Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately. Since it has been a few days since you first posted, please download ComboScan and save it to your Desktop. Double-click on comboscan.exe and follow the prompts. When it has finished, it will open Notepad with a log file; please copy and paste this logfile as your reply. Additionally, a folder will open with two text files. Please attach the Supplementary.txt file with your reply.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Thank you.

__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006
#3

Human Individual
Join Date: May 2006
Location: Manhattan
Posts: 2,837
OS: WXP Home, WXP Pro

Deckard:
Not one apology necessary; I C wut you guys do. Will follow up right now...and thanks so much. Jill

I am back:

ComboScan v20070205.9 run by Administrator on 2007-02-08 at 01:29:23
Computer is in Normal Mode.
Successfully created restore point. Performed disk cleanup.

-- End of ComboScan: finished at 2007-02-08 at 01:31:07

Thanks so much, Jill
__________________
Last edited by Deckard : 02-08-2007 at 08:46 PM. Reason: removed duplicate logs
#4

Human Individual
Join Date: May 2006
Location: Manhattan
Posts: 2,837
OS: WXP Home, WXP Pro

Sorry again re the above redundancies! I am afraid if I try to delete I will delete the wrong thingies. Can someone there delete? Sorry again....OMG.

J.

__________________
Last edited by Ariesjill : 02-07-2007 at 11:52 PM.
#5

Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows

I pared it down for you. However, you're still missing a lot of entries in your HijackThis log, which has me concerned. I need to dig a little deeper. Please download GMER from one of the following links and extract it to your desktop. Double-click gmer.exe to run it and select the Rootkit tab. Press Scan. When it has finished, press Copy and paste the log back here.

Next, please download System Repair Engineer and save it to your Desktop. Extract the contents of the archive into its own folder.

Hopefully between these two logs I can get a better idea of what's going on.

__________________
#6

Human Individual
Join Date: May 2006
Location: Manhattan
Posts: 2,837
OS: WXP Home, WXP Pro

Deckard:

1) Thanks so much for the paring....I was hysterical and kept pasting.
2) I did not know we don't get email notification for posts in this forum so I just caught this.
3) I just realized U don't know....that I got HJT like a year back, assumed I would use it as I do any anti software....and so did that from jump. Meaning, when, rarely, I find evil entry, like BHO, I kill it, also put the things I deem OK in ignore. As I once posted in earlier issue heah....I was trained by gremlins. but they had badges, OK? So I believe wut U R missing....is ignore list. This is fairly recent install of HJT.....couple of mos. Let me go C if I can get the ignore list and post in case this should save U time.

Thanks so much, Jill

Update: OK can't access the ignore list, when I choose that same list I posted appears...given I have put all of those on ignore list....but since this installation I "fixed" perhaps 5 entries including one BHO. I will now proceed with your current instructions. J.

__________________
Last edited by Ariesjill : 02-09-2007 at 12:46 AM.
#7

Human Individual
Join Date: May 2006
Location: Manhattan
Posts: 2,837
OS: WXP Home, WXP Pro
Hi, Deckard:

Am pasting the gmer log; will be back when I can add SRE log. Former scanned both drives, C & E.

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-09 Windows 5.1.2600 Service Pack 2
2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\SnoopFreeSvc.exe[504] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\SnoopFreeSvc.exe[504] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\SnoopFreeSvc.exe[504] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\SnoopFreeSvc.exe[504] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[536] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[536] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[536] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[536] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Program Files\Trend Micro\Tmas\Tmas.exe[548] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Trend Micro\Tmas\Tmas.exe[548] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\Program Files\Trend Micro\Tmas\Tmas.exe[548] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Trend Micro\Tmas\Tmas.exe[548] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Trend Micro\Tmas\Tmas.exe[548] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[612] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[612] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 
Bytes [ 0E, 5F ] .text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[612] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[612] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[612] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[656] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[656] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[656] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[656] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!LoadLibraryExW 7C801AF1 6 
Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\wanmpsvc.exe[952] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\wanmpsvc.exe[952] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\wanmpsvc.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\wanmpsvc.exe[952] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\wanmpsvc.exe[952] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\wanmpsvc.exe[952] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text 
C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\wdfmgr.exe[1120] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wdfmgr.exe[1120] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\wdfmgr.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\wdfmgr.exe[1120] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\wdfmgr.exe[1120] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\wdfmgr.exe[1120] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ] .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text 
C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Program Files\Ahead\InCD\incdsrv.exe[1148] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Ahead\InCD\incdsrv.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\Program Files\Ahead\InCD\incdsrv.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Ahead\InCD\incdsrv.exe[1148] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Ahead\InCD\incdsrv.exe[1148] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1188] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1188] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1188] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1188] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1432] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1432] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text 
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1432] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1432] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1560] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1560] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1560] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1560] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1648] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1648] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1648] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1724] 
kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\explorer.exe[1972] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[1972] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\explorer.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\explorer.exe[1972] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\explorer.exe[1972] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\explorer.exe[1972] SHELL32.dll!SHFileOperationW |