
Multiple problems on the computer - more inside



Hello there. I've got problems on the computer that may or may not be malware related. I just want to check to make sure. They include the following:

1. Certain (or most) adware/malware removal programs like Spybot & Destroy, Ad-aware, and even Malwarebytes refuse to open up. I click the icons or from the Start menu and nothing happens.

2. My computer no longer recognizes my CD-ROM drive. I checked the cables, reinstalled the drive, and it still doesn't work. It does show up a few times as working, but most of the time there's nothing there.

3. Every time I boot the computer up I get the message "The instruction at '0x001a16b0' referenced memory at '0x00000000'. The memory could not be 'written' " with svhost.exe being in the top part of the box.

4. In addition to the above I also get the message that the auto rotation feature needs to be reinstalled. Again I updated and reinstalled the driver, and I'm still getting the friggen message!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:47:01 PM, on 1/12/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cepstral\bin\CepstralLicSrv.exe

C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\java.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Gateway\EzTune\DTHtml.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Linksys\WUSB600N\WUSB600N.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Portrait Displays\Pivot Software\floater.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Essentials Codec Pack\WECPUpdate.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll

R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &Crawler li


Hello Blake C! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

There is something, let it clean and do some work and see what happens.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please open HijackThis and select Do a system scan only.

Check the following entries:

O20 - Winlogon Notify: qommmmn - qommmmn.dll (file missing)

Then, close all open windows except that of HijackThis, and select Fix Checked.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. Add or Remove Programs list
  3. a new fresh HiJackThis log


Hello there Maniac. Thank you for your help. I am not able to provide a Malwarebytes' Anti-Malware log as, as I said before, whenever I try to start Malwarebytes nothing happens. I tried installing a newer version but I get the same results. Here's my Add or Remove Programs list:

AbiWord 2.4.6 (remove only)

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color Common Settings

Adobe Color Common Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Reader 8.2.5

Adobe Setup

Adobe Setup

Adobe Setup

Adobe Setup

Adobe Stock Photos CS3

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

Advanced SystemCare 3

Age of Chivalry: Hegemony 1.66

Age of Empires III

Age of Empires III - The Asian Dynasties

Age of Empires III - The WarChiefs

Age of Mythology

Age of Mythology - The Titans Expansion

AIM 7

AIM Toolbar

AIMTunes

AMD Processor Driver

Any Video Converter 2.0.7

AOL Coach Version 2.0(Build:20041026.5 en)

AOL Connectivity Services

AOL Instant Messenger

AOL Spyware Protection

AOL Uninstaller (Choose which Products to Remove)

AOL You've Got Pictures Screensaver

Apple Mobile Device Support

Apple Software Update

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

Ashampoo WinOptimizer 7.23

Ask Toolbar

Aspell English Dictionary-0.50-2

Auslogics Disk Defrag

avast! Free Antivirus

Avidemux 2.5

AviSynth 2.5

AVS DVDMenu Editor 1.2.1.19

AVS Video Tools 5.6

Bonjour

Browser Address Error Redirector

Caesar 3 Demo

CCleaner

CCScore

Cepstral Duncan 5.1.0

Cepstral Lawrence 5.1.0

COWON Media Center - jetAudio Basic

Crawler Toolbar with Web Security Guard

CuteFTP 8 Home

DC++ 0.698

Dealio Toolbar v4.1

Diablo

Digital Media Reader

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

Download Manager 2.3.10

Download Updater (AOL LLC)

DriverGuide DriverScan

DVD Solution

EasyRecorder 5.5

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

EzTune

fflink

Form Fill (Windows Live Toolbar)

Free FLV Converter V 4.0

Free YouTube to Mp3 Converter version 3.1

FreezeSMS

FrostWire 4.18.5

Game Maker 7.0

Glary Utilities 2.30.0.1066

GNU Aspell 0.50-3

GoldWave v5.18

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 1.3

Hamachi 1.0.2.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2443685)

HxD Hex Editor version 1.7.7.0

IC Engine 1.2

IGZ Lobby System

InterActual Player

ips XP 1.11.2600

IrfanView (remove only)

iTunes

J2SE Runtime Environment 5.0 Update 2

Java 6 Update 22

Java 6 Update 3

Java 6 Update 7

Junk Mail filter update

kgcbaby

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

K-Lite Codec Pack 6.4.0 (Full)

Kodak EasyShare software

Lernout & Hauspie TruVoice American English TTS Engine

Linksys Dual-Band Wireless-N USB Network Adapter

Linksys EasyLink Advisor

Linksys EasyLink Advisor

Logitech Legacy USB Camera Driver Package

Logitech Updater

Logitech Vid HD

Logitech Webcam Software

Logitech Webcam Software Driver Package

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Digital Image Starter Edition 2006

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Add-in 1.4

Microsoft Office Outlook Connector

Microsoft Office Professional Edition 2003

Microsoft Office Standard Edition 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla ActiveX Control v1.7.12

Mozilla Firefox (3.6.13)

MS Access 97 SP2

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

MSXML4 Parser

MuckClient

MySQL Connector/ODBC 3.51

Napster Burn Engine

Nero BurnLite 10

Nero BurnLite 10

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

netbrdg

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA ForceWare Network Access Manager

NVIDIA Graphics Driver 260.99

NVIDIA nView 135.36

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

OfotoXMI

Opera 10.63

PCFriendly

Pharaoh

Pivot Software

Port Scanner

Power2Go 4.0

PowerDVD

Project64 1.6

Pure Networks Port Magic

QuickTime

Real Alternative 2.0.2

Realtek AC'97 Audio

Replay Converter 3

RollerCoaster Tycoon Deluxe

SDK

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Segoe UI

SFR

SHASTA

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 Complete

Sid Meier's Civilization IV Colonization

Sid Meier's Pirates!

Sierra Utilities

skin0001

SKINXSDK

Skype


Step 1

Please, uninstall the following applications:

  1. Dealio Toolbar v4.1

You can read how to do this here:

Step 2

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 3

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 4

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Step 5

  • Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr .
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files

In your next reply, please include these log(s):

  1. Rootkit Unhooker log
  2. OTL log with Extras.txt


Here's my Rootkit Unhooker log (part 1 of 2):



(part 2 of 2 of the rootkit log)


[2448]DivXUpdate.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2448]DivXUpdate.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2476]wpCtrl.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2476]wpCtrl.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2524]soundman.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2524]soundman.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2524]soundman.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2524]soundman.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2524]soundman.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2524]soundman.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2524]soundman.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2524]soundman.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2524]soundman.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[252]dtsslsrv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2532]rundll32.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2532]rundll32.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2532]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2532]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2532]rundll32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2532]rundll32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2532]rundll32.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2532]rundll32.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2532]rundll32.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2580]AvastUI.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2608]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->CryptDecrypt, Type: Inline - RelativeJump 0x77DEA129-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->advapi32.dll-->CryptDecrypt, Type: Inline - SEH 0x77DEA12E [unknown_code_page]

[2608]msnmsgr.exe-->advapi32.dll-->CryptDecrypt, Type: Inline - SEH 0x77DEA12F [unknown_code_page]

[2608]msnmsgr.exe-->advapi32.dll-->CryptDeriveKey, Type: Inline - RelativeJump 0x77DE9FFD-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->advapi32.dll-->CryptDeriveKey, Type: Inline - SEH 0x77DEA002 [unknown_code_page]

[2608]msnmsgr.exe-->advapi32.dll-->CryptDeriveKey, Type: Inline - SEH 0x77DEA003 [unknown_code_page]

[2608]msnmsgr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->kernel32.dll-->CreateEventA, Type: Inline - RelativeJump 0x7C8308B5-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceA, Type: Inline - RelativeJump 0x7C80BF29-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceA, Type: Inline - SEH 0x7C80BF2E [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceA, Type: Inline - SEH 0x7C80BF2F [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceExA, Type: Inline - RelativeJump 0x7C835FA8-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceExA, Type: Inline - SEH 0x7C835FAD [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceExA, Type: Inline - SEH 0x7C835FAE [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceExW, Type: Inline - RelativeJump 0x7C80AD28-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceExW, Type: Inline - SEH 0x7C80AD2D [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceExW, Type: Inline - SEH 0x7C80AD2E [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceW, Type: Inline - RelativeJump 0x7C80BC6E-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceW, Type: Inline - SEH 0x7C80BC73 [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->FindResourceW, Type: Inline - SEH 0x7C80BC74 [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->LoadResource, Type: Inline - RelativeJump 0x7C80A055-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->LoadResource, Type: Inline - SEH 0x7C80A05A [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->LoadResource, Type: Inline - SEH 0x7C80A05B [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->LockResource, Type: Inline - RelativeJump 0x7C80CD37-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]

[2608]msnmsgr.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]

[2608]msnmsgr.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]

[2608]msnmsgr.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]

[2608]msnmsgr.exe-->kernel32.dll-->SizeofResource, Type: Inline - RelativeJump 0x7C80BD09-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->kernel32.dll-->SizeofResource, Type: Inline - SEH 0x7C80BD0E [unknown_code_page]

[2608]msnmsgr.exe-->kernel32.dll-->SizeofResource, Type: Inline - SEH 0x7C80BD0F [unknown_code_page]

[2608]msnmsgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->shell32.dll-->Shell_NotifyIconW, Type: Inline - RelativeJump 0x7CA2A587-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E41EA3B-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->GetWindowLongW, Type: Inline - RelativeJump 0x7E4188A6-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->GetWindowLongW, Type: Inline - SEH 0x7E4188AB [unknown_code_page]

[2608]msnmsgr.exe-->user32.dll-->GetWindowLongW, Type: Inline - SEH 0x7E4188AC [unknown_code_page]

[2608]msnmsgr.exe-->user32.dll-->LoadIconW, Type: Inline - RelativeJump 0x7E42E8BC-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->LoadImageW, Type: Inline - RelativeJump 0x7E427B97-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->PeekMessageW, Type: Inline - RelativeJump 0x7E41929B-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->SetWindowPlacement, Type: Inline - RelativeJump 0x7E41DE46-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->SetWindowRgn, Type: Inline - RelativeJump 0x7E42E528-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->SetWindowRgn, Type: Inline - SEH 0x7E42E52D [unknown_code_page]

[2608]msnmsgr.exe-->user32.dll-->SetWindowRgn, Type: Inline - SEH 0x7E42E52E [unknown_code_page]

[2608]msnmsgr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->user32.dll-->TrackPopupMenuEx, Type: Inline - RelativeJump 0x7E46CF62-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2608]msnmsgr.exe-->wininet.dll-->HttpOpenRequestA, Type: Inline - RelativeJump 0x3D94D508-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x71AB4CB5-->00000000 [MsgPlusLive.dll]

[2608]msnmsgr.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [MsgPlusLive.dll]

[260]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[260]mDNSResponder.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2616]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2616]ctfmon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2656]EasyShare.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2656]EasyShare.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2664]WindowsSearch.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2664]WindowsSearch.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2804]WUSB600N.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[2804]WUSB600N.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]

[2872]COCIManager.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[2872]COCIManager.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]


[988]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]

[988]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]

[988]lsass.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]

[988]lsass.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]

[988]lsass.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


The OTL logfile

OTL logfile created on: 1/16/2011 2:35:06 AM - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.79 Gb Total Space | 46.10 Gb Free Space | 20.15% Space Free | Partition Type: NTFS

Drive D: | 4.09 Gb Total Space | 2.38 Gb Free Space | 58.26% Space Free | Partition Type: FAT32

Computer Name: YOUR-CA38AA8D3F | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Program Files\Essentials Codec Pack\WECPUpdate.exe (MediaCodec.Org)

PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)

PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

PRC - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe ()

PRC - C:\Program Files\Gateway\EzTune\dthtml.exe (Portrait Displays, Inc)

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

PRC - C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe (Portrait Displays Inc.)

PRC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe (Cepstral, LLC)

PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)

PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Portrait Displays\Pivot Software\Floater.exe ()

PRC - C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe ()

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)

MOD - C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll ()

========== Win32 Services (SafeList) ==========

SRV - (odserv) -- File not found

SRV - (gusvc) -- File not found

SRV - (5EBDEFDC) -- C:\WINDOWS\system32\5EBDEFDC.exe ()

SRV - (672AB62D) -- C:\WINDOWS\system32\672AB62D.exe ()

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe (mst software GmbH, Germany)

SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV - (Asset Management Daemon) -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe ()

SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()

SRV - (Cepstral License Server) -- C:\Program Files\Cepstral\bin\CepstralLicSrv.exe (Cepstral, LLC)

SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()

SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)

SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)

SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (Cdfs) -- C:\WINDOWS\System32\drivers\cdfs.sys ()

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)

DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)

DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.)

DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.)

DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys ()

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys ()

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys ()

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys ()

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys ()

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 02 E8 DE 45 51 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = www.google.com/search?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=894204"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z007&form=ZGAPHP"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1

FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=894204&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2008/06/20 17:16:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:32:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/13 15:42:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 21:10:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/15 01:29:48 | 000,000,000 | ---D | M]

[2009/05/28 21:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2009/05/28 21:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/01/15 01:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjmfp0d2.default\extensions

[2009/08/14 18:26:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjmfp0d2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/04 16:24:24 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjmfp0d2.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2010/04/04 16:23:57 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjmfp0d2.default\searchplugins\AIM Search.xml

[2008/12/16 15:45:19 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjmfp0d2.default\searchplugins\aim-search.xml

[2010/10/03 13:43:45 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wjmfp0d2.default\searchplugins\bing-zugo.xml

[2011/01/15 01:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/27 21:10:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/07/15 19:14:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008/07/16 14:23:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/06/13 15:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/08/20 23:05:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/11/03 15:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/12/09 12:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/16 19:22:26 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2009/06/13 15:42:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/18 18:21:27 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF

[2010/12/03 13:35:08 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/12/03 13:35:08 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/08/29 15:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/05/18 16:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2009/07/07 15:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 15:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2010/12/03 13:35:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/09/23 14:42:24 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/02/15 12:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2008/07/10 19:38:31 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2008/07/10 19:38:31 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2008/07/10 19:38:31 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2008/07/10 19:38:31 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2008/07/10 19:38:32 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2008/07/10 19:38:32 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2008/07/10 19:38:32 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/02/15 12:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2005/08/09 12:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

[2010/12/03 11:36:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/12/03 11:36:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/08/27 05:11:20 | 000,001,375 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2010/12/03 11:36:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/12/03 11:36:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/12/03 11:36:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/12/03 11:36:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/12/03 11:36:32 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/02/09 21:41:55 | 000,379,289 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13071 more lines...

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - Reg Error: Value error. File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll ()

O3 - HKLM\..\Toolbar: (&Crawler li


The Extras logfile report:

OTL Extras logfile created on: 1/16/2011 2:35:06 AM - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.79 Gb Total Space | 46.10 Gb Free Space | 20.15% Space Free | Partition Type: NTFS

Drive D: | 4.09 Gb Total Space | 2.38 Gb Free Space | 58.26% Space Free | Partition Type: FAT32

Computer Name: YOUR-CA38AA8D3F | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)

"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)

"C:\Program Files\Common Files\AOL\1139343492\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1139343492\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)

"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()

"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)

"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"E:\Life\life.exe" = E:\Life\life.exe:*:Enabled:The Game Of Life

"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- ()

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Ok, here's my report:

2011/01/18 00:54:13.0125 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11

2011/01/18 00:54:13.0125 ================================================================================

2011/01/18 00:54:13.0125 SystemInfo:

2011/01/18 00:54:13.0125

2011/01/18 00:54:13.0125 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/18 00:54:13.0125 Product type: Workstation

2011/01/18 00:54:13.0125 ComputerName: YOUR-CA38AA8D3F

2011/01/18 00:54:13.0125 UserName: Owner

2011/01/18 00:54:13.0125 Windows directory: C:\WINDOWS

2011/01/18 00:54:13.0125 System windows directory: C:\WINDOWS

2011/01/18 00:54:13.0125 Processor architecture: Intel x86

2011/01/18 00:54:13.0125 Number of processors: 2

2011/01/18 00:54:13.0125 Page size: 0x1000

2011/01/18 00:54:13.0125 Boot type: Normal boot

2011/01/18 00:54:13.0125 ================================================================================

2011/01/18 00:54:13.0921 Initialize success

2011/01/18 00:54:31.0656 ================================================================================

2011/01/18 00:54:31.0656 Scan started

2011/01/18 00:54:31.0656 Mode: Manual;

2011/01/18 00:54:31.0656 ================================================================================

2011/01/18 00:54:32.0031 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/01/18 00:54:32.0078 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/01/18 00:54:32.0109 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/18 00:54:32.0156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/18 00:54:32.0203 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/01/18 00:54:32.0250 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/18 00:54:32.0312 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/01/18 00:54:32.0343 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/18 00:54:32.0484 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/18 00:54:32.0500 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/01/18 00:54:32.0546 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/01/18 00:54:32.0562 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/01/18 00:54:32.0593 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/01/18 00:54:32.0796 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/01/18 00:54:33.0031 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/01/18 00:54:33.0046 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/01/18 00:54:33.0078 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/01/18 00:54:33.0140 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2011/01/18 00:54:33.0171 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/01/18 00:54:33.0203 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/01/18 00:54:33.0250 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/18 00:54:33.0406 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/01/18 00:54:33.0421 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/01/18 00:54:33.0453 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/01/18 00:54:33.0515 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/01/18 00:54:33.0546 aswMon2 (da6011867c00446f555ce0071052ed2d) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/01/18 00:54:33.0546 Suspicious file (Forged): C:\WINDOWS\system32\drivers\aswMon2.sys. Real md5: da6011867c00446f555ce0071052ed2d, Fake md5: f9ad99e25f8bc00b30e642dc41db19fa

2011/01/18 00:54:33.0562 aswMon2 - detected Forged file (1)

2011/01/18 00:54:33.0578 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/01/18 00:54:33.0640 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys

2011/01/18 00:54:33.0781 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/01/18 00:54:33.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/18 00:54:33.0859 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/18 00:54:33.0906 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/18 00:54:33.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/18 00:54:34.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/18 00:54:34.0125 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/01/18 00:54:34.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/18 00:54:34.0203 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/01/18 00:54:34.0218 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/01/18 00:54:34.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/18 00:54:34.0281 Cdfs (7b6e3b5365db93147ec64beab14a66db) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/18 00:54:34.0343 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2011/01/18 00:54:34.0390 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/18 00:54:34.0562 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/01/18 00:54:34.0593 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/01/18 00:54:34.0640 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/01/18 00:54:34.0671 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/01/18 00:54:34.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/18 00:54:34.0765 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/18 00:54:34.0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/18 00:54:34.0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/18 00:54:34.0859 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/18 00:54:34.0984 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/01/18 00:54:35.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/18 00:54:35.0078 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/18 00:54:35.0125 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/18 00:54:35.0156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/18 00:54:35.0203 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/18 00:54:35.0234 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/18 00:54:35.0406 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/18 00:54:35.0437 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/18 00:54:35.0500 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/01/18 00:54:35.0531 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/18 00:54:35.0593 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

2011/01/18 00:54:35.0781 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys

2011/01/18 00:54:35.0812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/18 00:54:35.0875 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/01/18 00:54:35.0937 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2011/01/18 00:54:36.0093 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/01/18 00:54:36.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/18 00:54:36.0312 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/18 00:54:36.0343 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/01/18 00:54:36.0375 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/18 00:54:36.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/01/18 00:54:36.0484 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/01/18 00:54:36.0500 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/18 00:54:36.0656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/18 00:54:36.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/18 00:54:36.0765 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/18 00:54:36.0796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/18 00:54:36.0828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/18 00:54:36.0968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/18 00:54:37.0015 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/18 00:54:37.0031 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/18 00:54:37.0062 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/18 00:54:37.0093 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/18 00:54:37.0125 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/18 00:54:37.0265 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys

2011/01/18 00:54:37.0437 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/01/18 00:54:37.0468 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/01/18 00:54:37.0515 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/01/18 00:54:37.0578 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/01/18 00:54:37.0718 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/18 00:54:37.0781 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/18 00:54:37.0812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/18 00:54:37.0859 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/18 00:54:37.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/18 00:54:37.0921 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/01/18 00:54:37.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/18 00:54:38.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/18 00:54:38.0156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/18 00:54:38.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/18 00:54:38.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/18 00:54:38.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/18 00:54:38.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/18 00:54:38.0421 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/01/18 00:54:38.0453 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/18 00:54:38.0515 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

2011/01/18 00:54:38.0718 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/01/18 00:54:38.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/18 00:54:38.0812 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/01/18 00:54:38.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/18 00:54:38.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/18 00:54:38.0984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/18 00:54:39.0031 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/18 00:54:39.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/18 00:54:39.0078 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/18 00:54:39.0171 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/18 00:54:39.0203 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/18 00:54:39.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/18 00:54:39.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/18 00:54:39.0843 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/01/18 00:54:40.0343 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2011/01/18 00:54:40.0390 nvgts (75e2e77c5497f34e60491d27bf03f1cb) C:\WINDOWS\system32\DRIVERS\nvgts.sys

2011/01/18 00:54:40.0437 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2011/01/18 00:54:40.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/18 00:54:40.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/18 00:54:40.0640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/18 00:54:40.0671 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/01/18 00:54:40.0703 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/18 00:54:40.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/18 00:54:40.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/18 00:54:40.0796 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

2011/01/18 00:54:40.0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/18 00:54:40.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/18 00:54:41.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/01/18 00:54:41.0156 PdiPorts (3b2f443b8e23d17d46f0e43e2fc42cfe) C:\WINDOWS\system32\Drivers\PdiPorts.sys

2011/01/18 00:54:41.0250 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\WINDOWS\system32\DRIVERS\lv302af.sys

2011/01/18 00:54:41.0281 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/01/18 00:54:41.0343 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/01/18 00:54:41.0578 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

2011/01/18 00:54:41.0781 Pivot (943f840611d33832308ec5310b616b57) C:\WINDOWS\system32\drivers\pivot.sys

2011/01/18 00:54:41.0828 pivotmou (998c58295288eedfbfe95e7f6cc94df4) C:\WINDOWS\system32\drivers\pivotmou.sys

2011/01/18 00:54:41.0875 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys

2011/01/18 00:54:41.0921 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/18 00:54:41.0953 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/01/18 00:54:42.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/01/18 00:54:42.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/18 00:54:42.0203 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

2011/01/18 00:54:42.0234 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/18 00:54:42.0250 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/01/18 00:54:42.0281 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/01/18 00:54:42.0296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/01/18 00:54:42.0421 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/01/18 00:54:42.0468 ql1280 (d85112e2bda0932bfbea3da15ec91893) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/01/18 00:54:42.0500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/18 00:54:42.0531 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/18 00:54:42.0562 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/18 00:54:42.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/18 00:54:42.0671 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/18 00:54:42.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/18 00:54:42.0953 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/18 00:54:43.0031 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/18 00:54:43.0078 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/18 00:54:43.0171 rt2870 (b10c0cea067240b6741cc7862f63d2fd) C:\WINDOWS\system32\DRIVERS\rt2870.sys

2011/01/18 00:54:43.0281 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys

2011/01/18 00:54:43.0406 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/01/18 00:54:43.0421 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/01/18 00:54:43.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/18 00:54:43.0625 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/01/18 00:54:43.0687 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/18 00:54:43.0750 sisagp (4f2810f17479bc3c4ef45b53b071aadc) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/18 00:54:43.0750 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\sisagp.sys. Real md5: 4f2810f17479bc3c4ef45b53b071aadc, Fake md5: 6b33d0ebd30db32e27d1d78fe946a754

2011/01/18 00:54:43.0750 sisagp - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/01/18 00:54:43.0812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/01/18 00:54:43.0875 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/01/18 00:54:43.0984 Sparrow (509c1ad428324fc3f5f8280f943caa96) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/01/18 00:54:44.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/18 00:54:44.0109 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/18 00:54:44.0187 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/01/18 00:54:44.0218 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/18 00:54:44.0234 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/18 00:54:44.0296 symc810 (92959748dcf3d82304ea3e5cf6c63fa9) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/01/18 00:54:44.0343 symc8xx (4d6654ee7a40623de5b6aa305ae98276) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/01/18 00:54:44.0375 sym_hi (b63b83db025bcb7790df1b2faaa1c540) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/01/18 00:54:44.0453 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/01/18 00:54:44.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/18 00:54:44.0546 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/18 00:54:44.0609 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/18 00:54:44.0750 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/18 00:54:44.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/18 00:54:44.0843 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys

2011/01/18 00:54:44.0906 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/01/18 00:54:45.0062 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/18 00:54:45.0125 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/01/18 00:54:45.0171 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/18 00:54:45.0343 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/18 00:54:45.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/18 00:54:45.0421 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/18 00:54:45.0453 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/18 00:54:45.0484 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/01/18 00:54:45.0546 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/18 00:54:45.0671 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/18 00:54:45.0734 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/18 00:54:45.0781 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/18 00:54:45.0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/18 00:54:45.0859 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/01/18 00:54:45.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/18 00:54:45.0890 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/18 00:54:45.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/18 00:54:46.0109 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/01/18 00:54:46.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/18 00:54:46.0234 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/01/18 00:54:46.0359 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/01/18 00:54:46.0500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/01/18 00:54:46.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/18 00:54:46.0593 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/18 00:54:46.0671 ================================================================================

2011/01/18 00:54:46.0671 Scan finished

2011/01/18 00:54:46.0671 ================================================================================

2011/01/18 00:54:46.0687 Detected object count: 2

2011/01/18 00:55:49.0984 Forged file(aswMon2) - User select action: Skip

2011/01/18 00:55:50.0140 sisagp (4f2810f17479bc3c4ef45b53b071aadc) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/01/18 00:55:50.0140 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\sisagp.sys. Real md5: 4f2810f17479bc3c4ef45b53b071aadc, Fake md5: 6b33d0ebd30db32e27d1d78fe946a754

2011/01/18 00:55:50.0890 Backup copy found, using it..

2011/01/18 00:55:50.0921 C:\WINDOWS\system32\DRIVERS\sisagp.sys - will be cured after reboot

2011/01/18 00:55:50.0921 Rootkit.Win32.TDSS.tdl3(sisagp) - User select action: Cure


Here are the results. It didn't find anything though.

File name: clofghls.dll

Submission date: 2011-01-18 21:22:47 (UTC)

Current status: finished

Result: 0/43 (0.0%)

VT Community: not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.1.174 2011.01.18 -

Antiy-AVL 2.0.3.7 2011.01.18 -

Avast 4.8.1351.0 2011.01.18 -

Avast5 5.0.677.0 2011.01.18 -

AVG 10.0.0.1190 2011.01.18 -

BitDefender 7.2 2011.01.18 -

CAT-QuickHeal 11.00 2011.01.18 -

ClamAV 0.96.4.0 2011.01.18 -

Commtouch 5.2.11.5 2011.01.18 -

Comodo 7434 2011.01.18 -

DrWeb 5.0.2.03300 2011.01.18 -

Emsisoft 5.1.0.1 2011.01.18 -

eSafe 7.0.17.0 2011.01.18 -

eTrust-Vet 36.1.8106 2011.01.18 -

F-Prot 4.6.2.117 2011.01.17 -

F-Secure 9.0.16160.0 2011.01.18 -

Fortinet 4.2.254.0 2011.01.16 -

GData 21 2011.01.18 -

Ikarus T3.1.1.97.0 2011.01.18 -

Jiangmin 13.0.900 2011.01.18 -

K7AntiVirus 9.77.3570 2011.01.18 -

Kaspersky 7.0.0.125 2011.01.18 -

McAfee 5.400.0.1158 2011.01.18 -

McAfee-GW-Edition 2010.1C 2011.01.18 -

Microsoft 1.6402 2011.01.18 -

NOD32 5798 2011.01.18 -

Norman 6.06.12 2011.01.18 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.2.7 2011.01.18 -

PCTools 7.0.3.5 2011.01.18 -

Prevx 3.0 2011.01.18 -

Rising 22.83.01.03 2011.01.18 -

Sophos 4.61.0 2011.01.18 -

SUPERAntiSpyware 4.40.0.1006 2011.01.18 -

Symantec 20101.3.0.103 2011.01.18 -

TheHacker 6.7.0.1.116 2011.01.18 -

TrendMicro 9.120.0.1004 2011.01.18 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.18 -

VBA32 3.12.14.2 2011.01.18 -

VIPRE 8115 2011.01.18 -

ViRobot 2011.1.18.4261 2011.01.18 -

VirusBuster 13.6.152.1 2011.01.18 -

Additional information


MD5 : bd6ae8e8faad7b8d565d9280a4797ea4

SHA1 : a27e8506a6bcc062c62d4ccedc8ffce58d4b7b40

SHA256: b331539abe0786192c0b2eca57149ea5110ef553a963186989cf7f78ebf6d57e


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
SRV - (5EBDEFDC) -- C:\WINDOWS\system32\5EBDEFDC.exe ()
SRV - (672AB62D) -- C:\WINDOWS\system32\672AB62D.exe ()
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\MARIORPG.ips.txt:SummaryInformation
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4

:files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\_003411_.tmp.dll
C:\WINDOWS\System32\_003443_.tmp.dll
C:\Documents and Settings\All Users\Application Data\AVG10
C:\Documents and Settings\All Users\Application Data\avg9
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Owner\Application Data\AVG10
C:\Documents and Settings\Owner\Application Data\FrostWire
C:\Documents and Settings\Owner\Application Data\Uniblue
C:\Documents and Settings\Owner\Application Data\uTorrent

:commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

Service 5EBDEFDC stopped successfully!

Service 5EBDEFDC deleted successfully!

C:\WINDOWS\system32\5EBDEFDC.exe moved successfully.

Service 672AB62D stopped successfully!

Service 672AB62D deleted successfully!

C:\WINDOWS\system32\672AB62D.exe moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

ADS C:\Documents and Settings\Owner\My Documents\MARIORPG.ips.txt:SummaryInformation deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4 deleted successfully.

========== FILES ==========

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\System32\SET11D9.tmp moved successfully.

C:\WINDOWS\System32\SET11DC.tmp moved successfully.

C:\WINDOWS\System32\SET11E1.tmp moved successfully.

C:\WINDOWS\System32\SET1210.tmp moved successfully.

C:\WINDOWS\System32\SET1212.tmp moved successfully.

C:\WINDOWS\System32\SET1290.tmp moved successfully.

C:\WINDOWS\System32\SET1293.tmp moved successfully.

C:\WINDOWS\System32\SET1298.tmp moved successfully.

C:\WINDOWS\System32\SET12C9.tmp moved successfully.

C:\WINDOWS\System32\SET137E.tmp moved successfully.

C:\WINDOWS\System32\SET1381.tmp moved successfully.

C:\WINDOWS\System32\SET1386.tmp moved successfully.

C:\WINDOWS\System32\SET13B5.tmp moved successfully.

C:\WINDOWS\System32\SET13B7.tmp moved successfully.

C:\WINDOWS\System32\SET149E.tmp moved successfully.

C:\WINDOWS\System32\SET149F.tmp moved successfully.

C:\WINDOWS\System32\SET14A2.tmp moved successfully.

C:\WINDOWS\System32\SET14A7.tmp moved successfully.

C:\WINDOWS\System32\SET14A8.tmp moved successfully.

C:\WINDOWS\System32\SET14A9.tmp moved successfully.

C:\WINDOWS\System32\SET14D6.tmp moved successfully.

C:\WINDOWS\System32\SET14D8.tmp moved successfully.

C:\WINDOWS\System32\SET1519.tmp moved successfully.

C:\WINDOWS\System32\SET1581.tmp moved successfully.

C:\WINDOWS\System32\SET1582.tmp moved successfully.

C:\WINDOWS\System32\SET1585.tmp moved successfully.

C:\WINDOWS\System32\SET1586.tmp moved successfully.

C:\WINDOWS\System32\SET158A.tmp moved successfully.

C:\WINDOWS\System32\SET158B.tmp moved successfully.

C:\WINDOWS\System32\SET158C.tmp moved successfully.

C:\WINDOWS\System32\SET15BB.tmp moved successfully.

C:\WINDOWS\System32\SET15FC.tmp moved successfully.

C:\WINDOWS\System32\SET173.tmp moved successfully.

C:\WINDOWS\System32\SET174.tmp moved successfully.

C:\WINDOWS\System32\SET175.tmp moved successfully.

C:\WINDOWS\System32\SET176.tmp moved successfully.

C:\WINDOWS\System32\SET177.tmp moved successfully.

C:\WINDOWS\System32\SET178.tmp moved successfully.

C:\WINDOWS\System32\SET17A.tmp moved successfully.

C:\WINDOWS\System32\SET17B.tmp moved successfully.

C:\WINDOWS\System32\SET17D.tmp moved successfully.

C:\WINDOWS\System32\SET17F.tmp moved successfully.

C:\WINDOWS\System32\SET181.tmp moved successfully.

C:\WINDOWS\System32\SET182.tmp moved successfully.

C:\WINDOWS\System32\SET185.tmp moved successfully.

C:\WINDOWS\System32\SET1867.tmp moved successfully.

C:\WINDOWS\System32\SET1869.tmp moved successfully.

C:\WINDOWS\System32\SET186B.tmp moved successfully.

C:\WINDOWS\System32\SET1870.tmp moved successfully.

C:\WINDOWS\System32\SET1873.tmp moved successfully.

C:\WINDOWS\System32\SET187C.tmp moved successfully.

C:\WINDOWS\System32\SET187E.tmp moved successfully.

C:\WINDOWS\System32\SET1881.tmp moved successfully.

C:\WINDOWS\System32\SET1883.tmp moved successfully.

C:\WINDOWS\System32\SET1887.tmp moved successfully.

C:\WINDOWS\System32\SET1888.tmp moved successfully.

C:\WINDOWS\System32\SET188F.tmp moved successfully.

C:\WINDOWS\System32\SET189.tmp moved successfully.

C:\WINDOWS\System32\SET1890.tmp moved successfully.

C:\WINDOWS\System32\SET1891.tmp moved successfully.

C:\WINDOWS\System32\SET1897.tmp moved successfully.

C:\WINDOWS\System32\SET189B.tmp moved successfully.

C:\WINDOWS\System32\SET189D.tmp moved successfully.

C:\WINDOWS\System32\SET18A.tmp moved successfully.

C:\WINDOWS\System32\SET18A0.tmp moved successfully.

C:\WINDOWS\System32\SET18A3.tmp moved successfully.

C:\WINDOWS\System32\SET18A9.tmp moved successfully.

C:\WINDOWS\System32\SET18B.tmp moved successfully.

C:\WINDOWS\System32\SET18B0.tmp moved successfully.

C:\WINDOWS\System32\SET18B9.tmp moved successfully.

C:\WINDOWS\System32\SET18BA.tmp moved successfully.

C:\WINDOWS\System32\SET18BF.tmp moved successfully.

C:\WINDOWS\System32\SET18C.tmp moved successfully.

C:\WINDOWS\System32\SET18C1.tmp moved successfully.

C:\WINDOWS\System32\SET18C4.tmp moved successfully.

C:\WINDOWS\System32\SET18C6.tmp moved successfully.

C:\WINDOWS\System32\SET18C7.tmp moved successfully.

C:\WINDOWS\System32\SET18CA.tmp moved successfully.

C:\WINDOWS\System32\SET18CC.tmp moved successfully.

C:\WINDOWS\System32\SET18CD.tmp moved successfully.

C:\WINDOWS\System32\SET18CE.tmp moved successfully.

C:\WINDOWS\System32\SET18CF.tmp moved successfully.

C:\WINDOWS\System32\SET18D.tmp moved successfully.

C:\WINDOWS\System32\SET18D1.tmp moved successfully.

C:\WINDOWS\System32\SET18D2.tmp moved successfully.

C:\WINDOWS\System32\SET18D3.tmp moved successfully.

C:\WINDOWS\System32\SET18D5.tmp moved successfully.

C:\WINDOWS\System32\SET18D6.tmp moved successfully.

C:\WINDOWS\System32\SET18DB.tmp moved successfully.

C:\WINDOWS\System32\SET18E.tmp moved successfully.

C:\WINDOWS\System32\SET18E2.tmp moved successfully.

C:\WINDOWS\System32\SET18E5.tmp moved successfully.

C:\WINDOWS\System32\SET18E6.tmp moved successfully.

C:\WINDOWS\System32\SET18F.tmp moved successfully.

C:\WINDOWS\System32\SET190.tmp moved successfully.

C:\WINDOWS\System32\SET1902.tmp moved successfully.

C:\WINDOWS\System32\SET1907.tmp moved successfully.

C:\WINDOWS\System32\SET1908.tmp moved successfully.

C:\WINDOWS\System32\SET191.tmp moved successfully.

C:\WINDOWS\System32\SET191A.tmp moved successfully.

C:\WINDOWS\System32\SET192.tmp moved successfully.

C:\WINDOWS\System32\SET1920.tmp moved successfully.

C:\WINDOWS\System32\SET1926.tmp moved successfully.

C:\WINDOWS\System32\SET192A.tmp moved successfully.

C:\WINDOWS\System32\SET1936.tmp moved successfully.

C:\WINDOWS\System32\SET1937.tmp moved successfully.

C:\WINDOWS\System32\SET193A.tmp moved successfully.

C:\WINDOWS\System32\SET194.tmp moved successfully.

C:\WINDOWS\System32\SET195.tmp moved successfully.

C:\WINDOWS\System32\SET1950.tmp moved successfully.

C:\WINDOWS\System32\SET1958.tmp moved successfully.

C:\WINDOWS\System32\SET195F.tmp moved successfully.

C:\WINDOWS\System32\SET196.tmp moved successfully.

C:\WINDOWS\System32\SET1960.tmp moved successfully.

C:\WINDOWS\System32\SET1961.tmp moved successfully.

C:\WINDOWS\System32\SET1963.tmp moved successfully.

C:\WINDOWS\System32\SET196C.tmp moved successfully.

C:\WINDOWS\System32\SET196E.tmp moved successfully.

C:\WINDOWS\System32\SET196F.tmp moved successfully.

C:\WINDOWS\System32\SET197B.tmp moved successfully.

C:\WINDOWS\System32\SET197F.tmp moved successfully.

C:\WINDOWS\System32\SET198.tmp moved successfully.

C:\WINDOWS\System32\SET1985.tmp moved successfully.

C:\WINDOWS\System32\SET1987.tmp moved successfully.

C:\WINDOWS\System32\SET1989.tmp moved successfully.

C:\WINDOWS\System32\SET198D.tmp moved successfully.

C:\WINDOWS\System32\SET199.tmp moved successfully.

C:\WINDOWS\System32\SET19A5.tmp moved successfully.

C:\WINDOWS\System32\SET19B3.tmp moved successfully.

C:\WINDOWS\System32\SET19B5.tmp moved successfully.

C:\WINDOWS\System32\SET19BE.tmp moved successfully.

C:\WINDOWS\System32\SET19C0.tmp moved successfully.

C:\WINDOWS\System32\SET19C8.tmp moved successfully.

C:\WINDOWS\System32\SET19D0.tmp moved successfully.

C:\WINDOWS\System32\SET19D4.tmp moved successfully.

C:\WINDOWS\System32\SET19D5.tmp moved successfully.

C:\WINDOWS\System32\SET19D8.tmp moved successfully.

C:\WINDOWS\System32\SET19E.tmp moved successfully.

C:\WINDOWS\System32\SET19E3.tmp moved successfully.

C:\WINDOWS\System32\SET19E8.tmp moved successfully.

C:\WINDOWS\System32\SET19E9.tmp moved successfully.

C:\WINDOWS\System32\SET19F.tmp moved successfully.

C:\WINDOWS\System32\SET19F4.tmp moved successfully.

C:\WINDOWS\System32\SET19FA.tmp moved successfully.

C:\WINDOWS\System32\SET19FB.tmp moved successfully.

C:\WINDOWS\System32\SET1A0.tmp moved successfully.

C:\WINDOWS\System32\SET1A00.tmp moved successfully.

C:\WINDOWS\System32\SET1A02.tmp moved successfully.

C:\WINDOWS\System32\SET1A04.tmp moved successfully.

C:\WINDOWS\System32\SET1A05.tmp moved successfully.

C:\WINDOWS\System32\SET1A06.tmp moved successfully.

C:\WINDOWS\System32\SET1A07.tmp moved successfully.

C:\WINDOWS\System32\SET1A0A.tmp moved successfully.

C:\WINDOWS\System32\SET1A1.tmp moved successfully.

C:\WINDOWS\System32\SET1A15.tmp moved successfully.

C:\WINDOWS\System32\SET1A18.tmp moved successfully.

C:\WINDOWS\System32\SET1A1A.tmp moved successfully.

C:\WINDOWS\System32\SET1A1C.tmp moved successfully.

C:\WINDOWS\System32\SET1A1D.tmp moved successfully.

C:\WINDOWS\System32\SET1A1E.tmp moved successfully.

C:\WINDOWS\System32\SET1A1F.tmp moved successfully.

C:\WINDOWS\System32\SET1A2.tmp moved successfully.

C:\WINDOWS\System32\SET1A20.tmp moved successfully.

C:\WINDOWS\System32\SET1A21.tmp moved successfully.

C:\WINDOWS\System32\SET1A23.tmp moved successfully.

C:\WINDOWS\System32\SET1A27.tmp moved successfully.

C:\WINDOWS\System32\SET1A28.tmp moved successfully.

C:\WINDOWS\System32\SET1A2A.tmp moved successfully.

C:\WINDOWS\System32\SET1A2B.tmp moved successfully.

C:\WINDOWS\System32\SET1A3.tmp moved successfully.

C:\WINDOWS\System32\SET1A32.tmp moved successfully.

C:\WINDOWS\System32\SET1A35.tmp moved successfully.

C:\WINDOWS\System32\SET1A38.tmp moved successfully.

C:\WINDOWS\System32\SET1A39.tmp moved successfully.

C:\WINDOWS\System32\SET1A3E.tmp moved successfully.

C:\WINDOWS\System32\SET1A4.tmp moved successfully.

C:\WINDOWS\System32\SET1A43.tmp moved successfully.

C:\WINDOWS\System32\SET1A48.tmp moved successfully.

C:\WINDOWS\System32\SET1A4A.tmp moved successfully.

C:\WINDOWS\System32\SET1A4B.tmp moved successfully.

C:\WINDOWS\System32\SET1A4E.tmp moved successfully.

C:\WINDOWS\System32\SET1A5.tmp moved successfully.

C:\WINDOWS\System32\SET1A51.tmp moved successfully.

C:\WINDOWS\System32\SET1A52.tmp moved successfully.

C:\WINDOWS\System32\SET1A55.tmp moved successfully.

C:\WINDOWS\System32\SET1A56.tmp moved successfully.

C:\WINDOWS\System32\SET1A58.tmp moved successfully.

C:\WINDOWS\System32\SET1A5C.tmp moved successfully.

C:\WINDOWS\System32\SET1A5E.tmp moved successfully.

C:\WINDOWS\System32\SET1A5F.tmp moved successfully.

C:\WINDOWS\System32\SET1A6.tmp moved successfully.

C:\WINDOWS\System32\SET1A60.tmp moved successfully.

C:\WINDOWS\System32\SET1A66.tmp moved successfully.

C:\WINDOWS\System32\SET1A67.tmp moved successfully.

C:\WINDOWS\System32\SET1A68.tmp moved successfully.

C:\WINDOWS\System32\SET1A6D.tmp moved successfully.

C:\WINDOWS\System32\SET1A7.tmp moved successfully.

C:\WINDOWS\System32\SET1A72.tmp moved successfully.

C:\WINDOWS\System32\SET1A74.tmp moved successfully.

C:\WINDOWS\System32\SET1A75.tmp moved successfully.

C:\WINDOWS\System32\SET1A76.tmp moved successfully.

C:\WINDOWS\System32\SET1A78.tmp moved successfully.

C:\WINDOWS\System32\SET1A79.tmp moved successfully.

C:\WINDOWS\System32\SET1A7A.tmp moved successfully.

C:\WINDOWS\System32\SET1A7C.tmp moved successfully.

C:\WINDOWS\System32\SET1A7D.tmp moved successfully.

C:\WINDOWS\System32\SET1A7E.tmp moved successfully.

C:\WINDOWS\System32\SET1A7F.tmp moved successfully.

C:\WINDOWS\System32\SET1A8.tmp moved successfully.

C:\WINDOWS\System32\SET1A80.tmp moved successfully.

C:\WINDOWS\System32\SET1A83.tmp moved successfully.

C:\WINDOWS\System32\SET1A84.tmp moved successfully.

C:\WINDOWS\System32\SET1A8B.tmp moved successfully.

C:\WINDOWS\System32\SET1A8C.tmp moved successfully.

C:\WINDOWS\System32\SET1A8D.tmp moved successfully.

C:\WINDOWS\System32\SET1A9.tmp moved successfully.

C:\WINDOWS\System32\SET1A9B.tmp moved successfully.

C:\WINDOWS\System32\SET1A9C.tmp moved successfully.

C:\WINDOWS\System32\SET1A9F.tmp moved successfully.

C:\WINDOWS\System32\SET1AA6.tmp moved successfully.

C:\WINDOWS\System32\SET1AAB.tmp moved successfully.

C:\WINDOWS\System32\SET1AAD.tmp moved successfully.

C:\WINDOWS\System32\SET1AB.tmp moved successfully.

C:\WINDOWS\System32\SET1AB1.tmp moved successfully.

C:\WINDOWS\System32\SET1AB2.tmp moved successfully.

C:\WINDOWS\System32\SET1AB4.tmp moved successfully.

C:\WINDOWS\System32\SET1ABF.tmp moved successfully.

C:\WINDOWS\System32\SET1AC.tmp moved successfully.

C:\WINDOWS\System32\SET1AC0.tmp moved successfully.

C:\WINDOWS\System32\SET1AC1.tmp moved successfully.

C:\WINDOWS\System32\SET1AC3.tmp moved successfully.

C:\WINDOWS\System32\SET1AC5.tmp moved successfully.

C:\WINDOWS\System32\SET1AD.tmp moved successfully.

C:\WINDOWS\System32\SET1AD1.tmp moved successfully.

C:\WINDOWS\System32\SET1AD7.tmp moved successfully.

C:\WINDOWS\System32\SET1ADA.tmp moved successfully.

C:\WINDOWS\System32\SET1ADB.tmp moved successfully.

C:\WINDOWS\System32\SET1ADC.tmp moved successfully.

C:\WINDOWS\System32\SET1AE.tmp moved successfully.

C:\WINDOWS\System32\SET1AE3.tmp moved successfully.

C:\WINDOWS\System32\SET1AEC.tmp moved successfully.

C:\WINDOWS\System32\SET1AED.tmp moved successfully.

C:\WINDOWS\System32\SET1AEE.tmp moved successfully.

C:\WINDOWS\System32\SET1AF.tmp moved successfully.

C:\WINDOWS\System32\SET1AF7.tmp moved successfully.

C:\WINDOWS\System32\SET1AF8.tmp moved successfully.

C:\WINDOWS\System32\SET1AF9.tmp moved successfully.

C:\WINDOWS\System32\SET1AFC.tmp moved successfully.

C:\WINDOWS\System32\SET1AFD.tmp moved successfully.

C:\WINDOWS\System32\SET1B0.tmp moved successfully.

C:\WINDOWS\System32\SET1B01.tmp moved successfully.

C:\WINDOWS\System32\SET1B02.tmp moved successfully.

C:\WINDOWS\System32\SET1B05.tmp moved successfully.

C:\WINDOWS\System32\SET1B06.tmp moved successfully.

C:\WINDOWS\System32\SET1B07.tmp moved successfully.

C:\WINDOWS\System32\SET1B09.tmp moved successfully.

C:\WINDOWS\System32\SET1B0B.tmp moved successfully.

C:\WINDOWS\System32\SET1B1.tmp moved successfully.

C:\WINDOWS\System32\SET1B10.tmp moved successfully.

C:\WINDOWS\System32\SET1B2.tmp moved successfully.

C:\WINDOWS\System32\SET1B23.tmp moved successfully.

C:\WINDOWS\System32\SET1B24.tmp moved successfully.

C:\WINDOWS\System32\SET1B25.tmp moved successfully.

C:\WINDOWS\System32\SET1B26.tmp moved successfully.

C:\WINDOWS\System32\SET1B27.tmp moved successfully.

C:\WINDOWS\System32\SET1B28.tmp moved successfully.

C:\WINDOWS\System32\SET1B2A.tmp moved successfully.

C:\WINDOWS\System32\SET1B3.tmp moved successfully.

C:\WINDOWS\System32\SET1B37.tmp moved successfully.

C:\WINDOWS\System32\SET1B3B.tmp moved successfully.

C:\WINDOWS\System32\SET1B3E.tmp moved successfully.

C:\WINDOWS\System32\SET1B3F.tmp moved successfully.

C:\WINDOWS\System32\SET1B4.tmp moved successfully.

C:\WINDOWS\System32\SET1B48.tmp moved successfully.

C:\WINDOWS\System32\SET1B49.tmp moved successfully.

C:\WINDOWS\System32\SET1B4E.tmp moved successfully.

C:\WINDOWS\System32\SET1B5.tmp moved successfully.

C:\WINDOWS\System32\SET1B51.tmp moved successfully.

C:\WINDOWS\System32\SET1B52.tmp moved successfully.

C:\WINDOWS\System32\SET1B5C.tmp moved successfully.

C:\WINDOWS\System32\SET1B6.tmp moved successfully.

C:\WINDOWS\System32\SET1B64.tmp moved successfully.

C:\WINDOWS\System32\SET1B65.tmp moved successfully.

C:\WINDOWS\System32\SET1B66.tmp moved successfully.

C:\WINDOWS\System32\SET1B67.tmp moved successfully.

C:\WINDOWS\System32\SET1B6D.tmp moved successfully.

C:\WINDOWS\System32\SET1B6F.tmp moved successfully.

C:\WINDOWS\System32\SET1B7.tmp moved successfully.

C:\WINDOWS\System32\SET1B70.tmp moved successfully.

C:\WINDOWS\System32\SET1B73.tmp moved successfully.

C:\WINDOWS\System32\SET1B76.tmp moved successfully.

C:\WINDOWS\System32\SET1B7B.tmp moved successfully.

C:\WINDOWS\System32\SET1B7E.tmp moved successfully.

C:\WINDOWS\System32\SET1B8.tmp moved successfully.

C:\WINDOWS\System32\SET1B80.tmp moved successfully.

C:\WINDOWS\System32\SET1B84.tmp moved successfully.

C:\WINDOWS\System32\SET1B85.tmp moved successfully.

C:\WINDOWS\System32\SET1B86.tmp moved successfully.

C:\WINDOWS\System32\SET1B8D.tmp moved successfully.

C:\WINDOWS\System32\SET1B9.tmp moved successfully.

C:\WINDOWS\System32\SET1B91.tmp moved successfully.

C:\WINDOWS\System32\SET1B92.tmp moved successfully.

C:\WINDOWS\System32\SET1B93.tmp moved successfully.

C:\WINDOWS\System32\SET1B94.tmp moved successfully.

C:\WINDOWS\System32\SET1B95.tmp moved successfully.

C:\WINDOWS\System32\SET1B96.tmp moved successfully.

C:\WINDOWS\System32\SET1B98.tmp moved successfully.

C:\WINDOWS\System32\SET1B99.tmp moved successfully.

C:\WINDOWS\System32\SET1B9B.tmp moved successfully.

C:\WINDOWS\System32\SET1B9C.tmp moved successfully.

C:\WINDOWS\System32\SET1B9D.tmp moved successfully.

C:\WINDOWS\System32\SET1B9F.tmp moved successfully.

C:\WINDOWS\System32\SET1BA.tmp moved successfully.

C:\WINDOWS\System32\SET1BA0.tmp moved successfully.

C:\WINDOWS\System32\SET1BA1.tmp moved successfully.

C:\WINDOWS\System32\SET1BA7.tmp moved successfully.

C:\WINDOWS\System32\SET1BAA.tmp moved successfully.

C:\WINDOWS\System32\SET1BAB.tmp moved successfully.

C:\WINDOWS\System32\SET1BAE.tmp moved successfully.

C:\WINDOWS\System32\SET1BB.tmp moved successfully.

C:\WINDOWS\System32\SET1BB7.tmp moved successfully.

C:\WINDOWS\System32\SET1BB9.tmp moved successfully.

C:\WINDOWS\System32\SET1BBB.tmp moved successfully.

C:\WINDOWS\System32\SET1BBC.tmp moved successfully.

C:\WINDOWS\System32\SET1BBD.tmp moved successfully.

C:\WINDOWS\System32\SET1BBE.tmp moved successfully.

C:\WINDOWS\System32\SET1BBF.tmp moved successfully.

C:\WINDOWS\System32\SET1BC.tmp moved successfully.

C:\WINDOWS\System32\SET1BC2.tmp moved successfully.

C:\WINDOWS\System32\SET1BD.tmp moved successfully.

C:\WINDOWS\System32\SET1BF.tmp moved successfully.

C:\WINDOWS\System32\SET1C0.tmp moved successfully.

C:\WINDOWS\System32\SET1C1.tmp moved successfully.

C:\WINDOWS\System32\SET1C2.tmp moved successfully.

C:\WINDOWS\System32\SET1C3.tmp moved successfully.

C:\WINDOWS\System32\SET1C4.tmp moved successfully.

C:\WINDOWS\System32\SET1C5.tmp moved successfully.

C:\WINDOWS\System32\SET1C6.tmp moved successfully.

C:\WINDOWS\System32\SET1C8.tmp moved successfully.

C:\WINDOWS\System32\SET1C9.tmp moved successfully.

C:\WINDOWS\System32\SET1CB.tmp moved successfully.

C:\WINDOWS\System32\SET1CC.tmp moved successfully.

C:\WINDOWS\System32\SET1CD.tmp moved successfully.

C:\WINDOWS\System32\SET1CE.tmp moved successfully.

C:\WINDOWS\System32\SET1CF.tmp moved successfully.

C:\WINDOWS\System32\SET1D0.tmp moved successfully.

C:\WINDOWS\System32\SET1D2.tmp moved successfully.

C:\WINDOWS\System32\SET1D4.tmp moved successfully.

C:\WINDOWS\System32\SET1D7.tmp moved successfully.

C:\WINDOWS\System32\SET1D8.tmp moved successfully.

C:\WINDOWS\System32\SET1D9.tmp moved successfully.

C:\WINDOWS\System32\SET1DA.tmp moved successfully.

C:\WINDOWS\System32\SET1DB.tmp moved successfully.

C:\WINDOWS\System32\SET1DD.tmp moved successfully.

C:\WINDOWS\System32\SET1DE.tmp moved successfully.

C:\WINDOWS\System32\SET1DF.tmp moved successfully.

C:\WINDOWS\System32\SET1E1.tmp moved successfully.

C:\WINDOWS\System32\SET1E2.tmp moved successfully.

C:\WINDOWS\System32\SET1E3.tmp moved successfully.

C:\WINDOWS\System32\SET1E4.tmp moved successfully.

C:\WINDOWS\System32\SET1E5.tmp moved successfully.

C:\WINDOWS\System32\SET1E7.tmp moved successfully.

C:\WINDOWS\System32\SET1E8.tmp moved successfully.

C:\WINDOWS\System32\SET1E9.tmp moved successfully.

C:\WINDOWS\System32\SET1EA.tmp moved successfully.

C:\WINDOWS\System32\SET1EC.tmp moved successfully.

C:\WINDOWS\System32\SET1ED.tmp moved successfully.

C:\WINDOWS\System32\SET1EF.tmp moved successfully.

C:\WINDOWS\System32\SET1F0.tmp moved successfully.

C:\WINDOWS\System32\SET1F1.tmp moved successfully.

C:\WINDOWS\System32\SET1F2.tmp moved successfully.

C:\WINDOWS\System32\SET1F4.tmp moved successfully.

C:\WINDOWS\System32\SET1F5.tmp moved successfully.

C:\WINDOWS\System32\SET1F6.tmp moved successfully.

C:\WINDOWS\System32\SET1F7.tmp moved successfully.

C:\WINDOWS\System32\SET1F9.tmp moved successfully.

C:\WINDOWS\System32\SET1FA.tmp moved successfully.

C:\WINDOWS\System32\SET1FB.tmp moved successfully.

C:\WINDOWS\System32\SET1FC.tmp moved successfully.

C:\WINDOWS\System32\SET1FD.tmp moved successfully.

C:\WINDOWS\System32\SET203.tmp moved successfully.

C:\WINDOWS\System32\SET204.tmp moved successfully.

C:\WINDOWS\System32\SET205.tmp moved successfully.

C:\WINDOWS\System32\SET206.tmp moved successfully.

C:\WINDOWS\System32\SET207.tmp moved successfully.

C:\WINDOWS\System32\SET208.tmp moved successfully.

C:\WINDOWS\System32\SET20A.tmp moved successfully.

C:\WINDOWS\System32\SET20B.tmp moved successfully.

C:\WINDOWS\System32\SET20C.tmp moved successfully.

C:\WINDOWS\System32\SET20D.tmp moved successfully.

C:\WINDOWS\System32\SET20E.tmp moved successfully.

C:\WINDOWS\System32\SET210.tmp moved successfully.

C:\WINDOWS\System32\SET213.tmp moved successfully.

C:\WINDOWS\System32\SET214.tmp moved successfully.

C:\WINDOWS\System32\SET215.tmp moved successfully.

C:\WINDOWS\System32\SET216.tmp moved successfully.

C:\WINDOWS\System32\SET217.tmp moved successfully.

C:\WINDOWS\System32\SET218.tmp moved successfully.

C:\WINDOWS\System32\SET219.tmp moved successfully.

C:\WINDOWS\System32\SET21A.tmp moved successfully.

C:\WINDOWS\System32\SET21B.tmp moved successfully.

C:\WINDOWS\System32\SET21C.tmp moved successfully.

C:\WINDOWS\System32\SET21D.tmp moved successfully.

C:\WINDOWS\System32\SET21E.tmp moved successfully.

C:\WINDOWS\System32\SET21F.tmp moved successfully.

C:\WINDOWS\System32\SET220.tmp moved successfully.

C:\WINDOWS\System32\SET221.tmp moved successfully.

C:\WINDOWS\System32\SET223.tmp moved successfully.

C:\WINDOWS\System32\SET224.tmp moved successfully.

C:\WINDOWS\System32\SET225.tmp moved successfully.


C:\WINDOWS\System32\SET553.tmp moved successfully.

C:\WINDOWS\System32\SET554.tmp moved successfully.

C:\WINDOWS\System32\SET555.tmp moved successfully.

C:\WINDOWS\System32\SET556.tmp moved successfully.

C:\WINDOWS\System32\SET558.tmp moved successfully.

C:\WINDOWS\System32\SET559.tmp moved successfully.

C:\WINDOWS\System32\SET55A.tmp moved successfully.

C:\WINDOWS\System32\SET55B.tmp moved successfully.

C:\WINDOWS\System32\SET55C.tmp moved successfully.

C:\WINDOWS\System32\SET55D.tmp moved successfully.

C:\WINDOWS\System32\SET55E.tmp moved successfully.

C:\WINDOWS\System32\SET55F.tmp moved successfully.

C:\WINDOWS\System32\SET560.tmp moved successfully.

C:\WINDOWS\System32\SET562.tmp moved successfully.

C:\WINDOWS\System32\SET564.tmp moved successfully.

C:\WINDOWS\System32\SET566.tmp moved successfully.

C:\WINDOWS\System32\SET567.tmp moved successfully.

C:\WINDOWS\System32\SET568.tmp moved successfully.

C:\WINDOWS\System32\SET569.tmp moved successfully.

C:\WINDOWS\System32\SET56A.tmp moved successfully.

C:\WINDOWS\System32\SET56B.tmp moved successfully.

C:\WINDOWS\System32\SET570.tmp moved successfully.

C:\WINDOWS\System32\SET571.tmp moved successfully.

C:\WINDOWS\System32\SET572.tmp moved successfully.

C:\WINDOWS\System32\SET573.tmp moved successfully.

C:\WINDOWS\System32\SET574.tmp moved successfully.

C:\WINDOWS\System32\SET576.tmp moved successfully.

C:\WINDOWS\System32\SET578.tmp moved successfully.

C:\WINDOWS\System32\SET57A.tmp moved successfully.

C:\WINDOWS\System32\SET57B.tmp moved successfully.

C:\WINDOWS\System32\SET57C.tmp moved successfully.

C:\WINDOWS\System32\SET57F.tmp moved successfully.

C:\WINDOWS\System32\SET580.tmp moved successfully.

C:\WINDOWS\System32\SET581.tmp moved successfully.

C:\WINDOWS\System32\SET584.tmp moved successfully.

C:\WINDOWS\System32\SET587.tmp moved successfully.

C:\WINDOWS\System32\SET588.tmp moved successfully.

C:\WINDOWS\System32\SET589.tmp moved successfully.

C:\WINDOWS\System32\SET58B.tmp moved successfully.

C:\WINDOWS\System32\SET58D.tmp moved successfully.

C:\WINDOWS\System32\SET58F.tmp moved successfully.

C:\WINDOWS\System32\SET590.tmp moved successfully.

C:\WINDOWS\System32\SET591.tmp moved successfully.

C:\WINDOWS\System32\SET592.tmp moved successfully.

C:\WINDOWS\System32\SET594.tmp moved successfully.

C:\WINDOWS\System32\SET595.tmp moved successfully.

C:\WINDOWS\System32\SET596.tmp moved successfully.

C:\WINDOWS\System32\SET597.tmp moved successfully.

C:\WINDOWS\System32\SET598.tmp moved successfully.

C:\WINDOWS\System32\SET59A.tmp moved successfully.

C:\WINDOWS\System32\SET59C.tmp moved successfully.

C:\WINDOWS\System32\SET59D.tmp moved successfully.

C:\WINDOWS\System32\SET5A0.tmp moved successfully.

C:\WINDOWS\System32\SET5A1.tmp moved successfully.

C:\WINDOWS\System32\SET5A2.tmp moved successfully.

C:\WINDOWS\System32\SET5A4.tmp moved successfully.

C:\WINDOWS\System32\SET5A8.tmp moved successfully.

C:\WINDOWS\System32\SET5A9.tmp moved successfully.

C:\WINDOWS\System32\SET5AB.tmp moved successfully.

C:\WINDOWS\System32\SET5AC.tmp moved successfully.

C:\WINDOWS\System32\SET5AE.tmp moved successfully.

C:\WINDOWS\System32\SET5B0.tmp moved successfully.

C:\WINDOWS\System32\SET5B1.tmp moved successfully.

C:\WINDOWS\System32\SET5B2.tmp moved successfully.

C:\WINDOWS\System32\SET5B3.tmp moved successfully.

C:\WINDOWS\System32\SET5B4.tmp moved successfully.

C:\WINDOWS\System32\SET5B5.tmp moved successfully.

C:\WINDOWS\System32\SET5B6.tmp moved successfully.

C:\WINDOWS\System32\SET5B7.tmp moved successfully.

C:\WINDOWS\System32\SET5B8.tmp moved successfully.

C:\WINDOWS\System32\SET5B9.tmp moved successfully.

C:\WINDOWS\System32\SET5BA.tmp moved successfully.

C:\WINDOWS\System32\SET5BB.tmp moved successfully.

C:\WINDOWS\System32\SET5BC.tmp moved successfully.

C:\WINDOWS\System32\SET5BE.tmp moved successfully.

C:\WINDOWS\System32\SET5BF.tmp moved successfully.

C:\WINDOWS\System32\SET5C1.tmp moved successfully.

C:\WINDOWS\System32\SET5C2.tmp moved successfully.

C:\WINDOWS\System32\SET5C3.tmp moved successfully.

C:\WINDOWS\System32\SET5C5.tmp moved successfully.

C:\WINDOWS\System32\SET5C6.tmp moved successfully.

C:\WINDOWS\System32\SET5C7.tmp moved successfully.

C:\WINDOWS\System32\SET5C8.tmp moved successfully.

C:\WINDOWS\System32\SET5C9.tmp moved successfully.

C:\WINDOWS\System32\SET5CA.tmp moved successfully.

C:\WINDOWS\System32\SET5CB.tmp moved successfully.

C:\WINDOWS\System32\SET5CC.tmp moved successfully.

C:\WINDOWS\System32\SET5CE.tmp moved successfully.

C:\WINDOWS\System32\SET5D0.tmp moved successfully.

C:\WINDOWS\System32\SET5D1.tmp moved successfully.

C:\WINDOWS\System32\SET5D2.tmp moved successfully.

C:\WINDOWS\System32\SET5D3.tmp moved successfully.

C:\WINDOWS\System32\SET5D4.tmp moved successfully.

C:\WINDOWS\System32\SET5D7.tmp moved successfully.

C:\WINDOWS\System32\SET5D8.tmp moved successfully.

C:\WINDOWS\System32\SET5D9.tmp moved successfully.

C:\WINDOWS\System32\SET5DA.tmp moved successfully.

C:\WINDOWS\System32\SET5DC.tmp moved successfully.

C:\WINDOWS\System32\SET5DE.tmp moved successfully.

C:\WINDOWS\System32\SET5DF.tmp moved successfully.

C:\WINDOWS\System32\SET5E0.tmp moved successfully.

C:\WINDOWS\System32\SET5E1.tmp moved successfully.

C:\WINDOWS\System32\SET5E2.tmp moved successfully.

C:\WINDOWS\System32\SET5E3.tmp moved successfully.

C:\WINDOWS\System32\SET5E4.tmp moved successfully.

C:\WINDOWS\System32\SET5E6.tmp moved successfully.

C:\WINDOWS\System32\SET5E8.tmp moved successfully.

C:\WINDOWS\System32\SET5E9.tmp moved successfully.

C:\WINDOWS\System32\SET5EA.tmp moved successfully.

C:\WINDOWS\System32\SET5EC.tmp moved successfully.

C:\WINDOWS\System32\SET5EE.tmp moved successfully.

C:\WINDOWS\System32\SET5EF.tmp moved successfully.

C:\WINDOWS\System32\SET5F0.tmp moved successfully.

C:\WINDOWS\System32\SET5F4.tmp moved successfully.

C:\WINDOWS\System32\SET5F6.tmp moved successfully.

C:\WINDOWS\System32\SET5F7.tmp moved successfully.

C:\WINDOWS\System32\SET5F9.tmp moved successfully.

C:\WINDOWS\System32\SET5FA.tmp moved successfully.

C:\WINDOWS\System32\SET5FB.tmp moved successfully.

C:\WINDOWS\System32\SET5FC.tmp moved successfully.

C:\WINDOWS\System32\SET5FD.tmp moved successfully.

C:\WINDOWS\System32\SET600.tmp moved successfully.

C:\WINDOWS\System32\SET602.tmp moved successfully.

C:\WINDOWS\System32\SET603.tmp moved successfully.

C:\WINDOWS\System32\SET607.tmp moved successfully.

C:\WINDOWS\System32\SET608.tmp moved successfully.

C:\WINDOWS\System32\SET609.tmp moved successfully.

C:\WINDOWS\System32\SET60A.tmp moved successfully.

C:\WINDOWS\System32\SET60B.tmp moved successfully.

C:\WINDOWS\System32\SET60C.tmp moved successfully.

C:\WINDOWS\System32\SET60D.tmp moved successfully.

C:\WINDOWS\System32\SET60E.tmp moved successfully.

C:\WINDOWS\System32\SET60F.tmp moved successfully.

C:\WINDOWS\System32\SET610.tmp moved successfully.

C:\WINDOWS\System32\SET612.tmp moved successfully.

C:\WINDOWS\System32\SET614.tmp moved successfully.

C:\WINDOWS\System32\SET615.tmp moved successfully.

C:\WINDOWS\System32\SET616.tmp moved successfully.

C:\WINDOWS\System32\SET617.tmp moved successfully.

C:\WINDOWS\System32\SET618.tmp moved successfully.

C:\WINDOWS\System32\SET619.tmp moved successfully.

C:\WINDOWS\System32\SET61A.tmp moved successfully.

C:\WINDOWS\System32\SET61B.tmp moved successfully.

C:\WINDOWS\System32\SET61D.tmp moved successfully.

C:\WINDOWS\System32\SET61E.tmp moved successfully.

C:\WINDOWS\System32\SET61F.tmp moved successfully.

C:\WINDOWS\System32\SET620.tmp moved successfully.

C:\WINDOWS\System32\SET621.tmp moved successfully.

C:\WINDOWS\System32\SET622.tmp moved successfully.

C:\WINDOWS\System32\SET623.tmp moved successfully.

C:\WINDOWS\System32\SET625.tmp moved successfully.

C:\WINDOWS\System32\SET626.tmp moved successfully.

C:\WINDOWS\System32\SET627.tmp moved successfully.

C:\WINDOWS\System32\SET629.tmp moved successfully.

C:\WINDOWS\System32\SET62A.tmp moved successfully.

C:\WINDOWS\System32\SET62B.tmp moved successfully.

C:\WINDOWS\System32\SET62E.tmp moved successfully.

C:\WINDOWS\System32\SET633.tmp moved successfully.

C:\WINDOWS\System32\SET634.tmp moved successfully.

C:\WINDOWS\System32\SET635.tmp moved successfully.

C:\WINDOWS\System32\SET636.tmp moved successfully.

C:\WINDOWS\System32\SET637.tmp moved successfully.

C:\WINDOWS\System32\SET639.tmp moved successfully.

C:\WINDOWS\System32\SET63D.tmp moved successfully.

C:\WINDOWS\System32\SET63E.tmp moved successfully.

C:\WINDOWS\System32\SET63F.tmp moved successfully.

C:\WINDOWS\System32\SET641.tmp moved successfully.

C:\WINDOWS\System32\SET644.tmp moved successfully.

C:\WINDOWS\System32\SET646.tmp moved successfully.

C:\WINDOWS\System32\SET647.tmp moved successfully.

C:\WINDOWS\System32\SET649.tmp moved successfully.

C:\WINDOWS\System32\SET64B.tmp moved successfully.

C:\WINDOWS\System32\SET64C.tmp moved successfully.

C:\WINDOWS\System32\SET64D.tmp moved successfully.

C:\WINDOWS\System32\SET64F.tmp moved successfully.

C:\WINDOWS\System32\SET651.tmp moved successfully.

C:\WINDOWS\System32\SET652.tmp moved successfully.

C:\WINDOWS\System32\SET655.tmp moved successfully.

C:\WINDOWS\System32\SET656.tmp moved successfully.

C:\WINDOWS\System32\SET657.tmp moved successfully.

C:\WINDOWS\System32\SET659.tmp moved successfully.

C:\WINDOWS\System32\SET65B.tmp moved successfully.

C:\WINDOWS\System32\SET65F.tmp moved successfully.

C:\WINDOWS\System32\SET663.tmp moved successfully.

C:\WINDOWS\System32\SET666.tmp moved successfully.

C:\WINDOWS\System32\SET667.tmp moved successfully.

C:\WINDOWS\System32\SET669.tmp moved successfully.

C:\WINDOWS\System32\SET66B.tmp moved successfully.

C:\WINDOWS\System32\SET66C.tmp moved successfully.

C:\WINDOWS\System32\SET66F.tmp moved successfully.

C:\WINDOWS\System32\SET670.tmp moved successfully.

C:\WINDOWS\System32\SET671.tmp moved successfully.

C:\WINDOWS\System32\SET672.tmp moved successfully.

C:\WINDOWS\System32\SET673.tmp moved successfully.

C:\WINDOWS\System32\SET674.tmp moved successfully.

C:\WINDOWS\System32\SET675.tmp moved successfully.

C:\WINDOWS\System32\SET679.tmp moved successfully.

C:\WINDOWS\System32\SET67C.tmp moved successfully.

C:\WINDOWS\System32\SET67D.tmp moved successfully.

C:\WINDOWS\System32\SET67E.tmp moved successfully.

C:\WINDOWS\System32\SET680.tmp moved successfully.

C:\WINDOWS\System32\SET681.tmp moved successfully.

C:\WINDOWS\System32\SET685.tmp moved successfully.

C:\WINDOWS\System32\SET687.tmp moved successfully.

C:\WINDOWS\System32\SET688.tmp moved successfully.

C:\WINDOWS\System32\SET689.tmp moved successfully.

C:\WINDOWS\System32\SET68A.tmp moved successfully.

C:\WINDOWS\System32\SET68B.tmp moved successfully.

C:\WINDOWS\System32\SET68C.tmp moved successfully.

C:\WINDOWS\System32\SET68D.tmp moved successfully.

C:\WINDOWS\System32\SET68E.tmp moved successfully.

C:\WINDOWS\System32\SET68F.tmp moved successfully.

C:\WINDOWS\System32\SET690.tmp moved successfully.

C:\WINDOWS\System32\SET692.tmp moved successfully.

C:\WINDOWS\System32\SET693.tmp moved successfully.

C:\WINDOWS\System32\SET695.tmp moved successfully.

C:\WINDOWS\System32\SET698.tmp moved successfully.

C:\WINDOWS\System32\SET699.tmp moved successfully.

C:\WINDOWS\System32\SET69D.tmp moved successfully.

C:\WINDOWS\System32\SET6A2.tmp moved successfully.

C:\WINDOWS\System32\SET6A5.tmp moved successfully.

C:\WINDOWS\System32\SET6A7.tmp moved successfully.

C:\WINDOWS\System32\SET6A8.tmp moved successfully.

C:\WINDOWS\System32\SET6A9.tmp moved successfully.

C:\WINDOWS\System32\SET6AA.tmp moved successfully.

C:\WINDOWS\System32\SET6AC.tmp moved successfully.

C:\WINDOWS\System32\SET6AE.tmp moved successfully.

C:\WINDOWS\System32\SET6B1.tmp moved successfully.

C:\WINDOWS\System32\SET6B4.tmp moved successfully.

C:\WINDOWS\System32\SET6B6.tmp moved successfully.

C:\WINDOWS\System32\SET6B7.tmp moved successfully.

C:\WINDOWS\System32\SET6B9.tmp moved successfully.

C:\WINDOWS\System32\SET6BA.tmp moved successfully.

C:\WINDOWS\System32\SET6BE.tmp moved successfully.

C:\WINDOWS\System32\SET6BF.tmp moved successfully.

C:\WINDOWS\System32\SET6C9.tmp moved successfully.

C:\WINDOWS\System32\SET6CA.tmp moved successfully.

C:\WINDOWS\System32\SET6CC.tmp moved successfully.

C:\WINDOWS\System32\SET6CF.tmp moved successfully.

C:\WINDOWS\System32\SET6D0.tmp moved successfully.

C:\WINDOWS\System32\SET6D4.tmp moved successfully.

C:\WINDOWS\System32\SET6D9.tmp moved successfully.

C:\WINDOWS\System32\SET6DB.tmp moved successfully.

C:\WINDOWS\System32\SET6DC.tmp moved successfully.

C:\WINDOWS\System32\SET6DF.tmp moved successfully.

C:\WINDOWS\System32\SET6E0.tmp moved successfully.

C:\WINDOWS\System32\SET6E6.tmp moved successfully.

C:\WINDOWS\System32\SET6E8.tmp moved successfully.

C:\WINDOWS\System32\SET6EA.tmp moved successfully.

C:\WINDOWS\System32\SET6EB.tmp moved successfully.

C:\WINDOWS\System32\SET6ED.tmp moved successfully.

C:\WINDOWS\System32\SET6EE.tmp moved successfully.

C:\WINDOWS\System32\SET6EF.tmp moved successfully.

C:\WINDOWS\System32\SET6F1.tmp moved successfully.

C:\WINDOWS\System32\SET6F2.tmp moved successfully.

C:\WINDOWS\System32\SET6F3.tmp moved successfully.

C:\WINDOWS\System32\SET6F4.tmp moved successfully.

C:\WINDOWS\System32\SET6F6.tmp moved successfully.

C:\WINDOWS\System32\SET6F8.tmp moved successfully.

C:\WINDOWS\System32\SET6F9.tmp moved successfully.

C:\WINDOWS\System32\SET6FB.tmp moved successfully.

C:\WINDOWS\System32\SET6FE.tmp moved successfully.

C:\WINDOWS\System32\SET700.tmp moved successfully.

C:\WINDOWS\System32\SET701.tmp moved successfully.

C:\WINDOWS\System32\SET703.tmp moved successfully.

C:\WINDOWS\System32\SET705.tmp moved successfully.

C:\WINDOWS\System32\SET706.tmp moved successfully.

C:\WINDOWS\System32\SET708.tmp moved successfully.

C:\WINDOWS\System32\SET70E.tmp moved successfully.

C:\WINDOWS\System32\SET715.tmp moved successfully.

C:\WINDOWS\System32\SET71A.tmp moved successfully.

C:\WINDOWS\System32\SET71B.tmp moved successfully.

C:\WINDOWS\System32\SET71D.tmp moved successfully.

C:\WINDOWS\System32\SET720.tmp moved successfully.

C:\WINDOWS\System32\SET721.tmp moved successfully.

C:\WINDOWS\System32\SET722.tmp moved successfully.

C:\WINDOWS\System32\SET724.tmp moved successfully.

C:\WINDOWS\System32\SET726.tmp moved successfully.

C:\WINDOWS\System32\SET727.tmp moved successfully.

C:\WINDOWS\System32\SET728.tmp moved successfully.

C:\WINDOWS\System32\SET729.tmp moved successfully.

C:\WINDOWS\System32\SET72D.tmp moved successfully.

C:\WINDOWS\System32\SET72E.tmp moved successfully.

C:\WINDOWS\System32\SET731.tmp moved successfully.

C:\WINDOWS\System32\SET732.tmp moved successfully.

C:\WINDOWS\System32\SET733.tmp moved successfully.

C:\WINDOWS\System32\SET736.tmp moved successfully.

C:\WINDOWS\System32\SET738.tmp moved successfully.

C:\WINDOWS\System32\SET739.tmp moved successfully.

C:\WINDOWS\System32\SET73A.tmp moved successfully.

C:\WINDOWS\System32\SET73D.tmp moved successfully.

C:\WINDOWS\System32\SET74.tmp moved successfully.

C:\WINDOWS\System32\SET740.tmp moved successfully.

C:\WINDOWS\System32\SET744.tmp moved successfully.

C:\WINDOWS\System32\SET746.tmp moved successfully.

C:\WINDOWS\System32\SET748.tmp moved successfully.

C:\WINDOWS\System32\SET74A.tmp moved successfully.

C:\WINDOWS\System32\SET74B.tmp moved successfully.

C:\WINDOWS\System32\SET74D.tmp moved successfully.

C:\WINDOWS\System32\SET75.tmp moved successfully.

C:\WINDOWS\System32\SET753.tmp moved successfully.

C:\WINDOWS\System32\SET755.tmp moved successfully.

C:\WINDOWS\System32\SET756.tmp moved successfully.

C:\WINDOWS\System32\SET757.tmp moved successfully.

C:\WINDOWS\System32\SET75D.tmp moved successfully.

C:\WINDOWS\System32\SET76.tmp moved successfully.

C:\WINDOWS\System32\SET761.tmp moved successfully.

C:\WINDOWS\System32\SET76F.tmp moved successfully.

C:\WINDOWS\System32\SET771.tmp moved successfully.

C:\WINDOWS\System32\SET772.tmp moved successfully.

C:\WINDOWS\System32\SET77B.tmp moved successfully.

C:\WINDOWS\System32\SET77C.tmp moved successfully.

C:\WINDOWS\System32\SET780.tmp moved successfully.

C:\WINDOWS\System32\SET782.tmp moved successfully.

C:\WINDOWS\System32\SET786.tmp moved successfully.

C:\WINDOWS\System32\SET78C.tmp moved successfully.

C:\WINDOWS\System32\SET79C.tmp moved successfully.

C:\WINDOWS\System32\SET79D.tmp moved successfully.

C:\WINDOWS\System32\SET7A2.tmp moved successfully.

C:\WINDOWS\System32\SET7BE.tmp moved successfully.

C:\WINDOWS\System32\SET7BF.tmp moved successfully.

C:\WINDOWS\System32\SET7C2.tmp moved successfully.

C:\WINDOWS\System32\SET7C9.tmp moved successfully.

C:\WINDOWS\System32\SET7CE.tmp moved successfully.

C:\WINDOWS\System32\SET7D0.tmp moved successfully.

C:\WINDOWS\System32\SET7D1.tmp moved successfully.

C:\WINDOWS\System32\SET7D2.tmp moved successfully.

C:\WINDOWS\System32\SET7D4.tmp moved successfully.

C:\WINDOWS\System32\SET7D5.tmp moved successfully.

C:\WINDOWS\System32\SET7D6.tmp moved successfully.

C:\WINDOWS\System32\SET7D7.tmp moved successfully.

C:\WINDOWS\System32\SET7D9.tmp moved successfully.

C:\WINDOWS\System32\SET7DB.tmp moved successfully.

C:\WINDOWS\System32\SET7DC.tmp moved successfully.

C:\WINDOWS\System32\SET7DE.tmp moved successfully.

C:\WINDOWS\System32\SET7E1.tmp moved successfully.

C:\WINDOWS\System32\SET7E3.tmp moved successfully.

C:\WINDOWS\System32\SET7E8.tmp moved successfully.

C:\WINDOWS\System32\SET7E9.tmp moved successfully.

C:\WINDOWS\System32\SET7F1.tmp moved successfully.

C:\WINDOWS\System32\SET7F8.tmp moved successfully.

C:\WINDOWS\System32\SET7FD.tmp moved successfully.

C:\WINDOWS\System32\SET800.tmp moved successfully.

C:\WINDOWS\System32\SET803.tmp moved successfully.

C:\WINDOWS\System32\SET805.tmp moved successfully.

C:\WINDOWS\System32\SET809.tmp moved successfully.

C:\WINDOWS\System32\SET80B.tmp moved successfully.

C:\WINDOWS\System32\SET80C.tmp moved successfully.

C:\WINDOWS\System32\SET80D.tmp moved successfully.

C:\WINDOWS\System32\SET810.tmp moved successfully.

C:\WINDOWS\System32\SET811.tmp moved successfully.

C:\WINDOWS\System32\SET815.tmp moved successfully.

C:\WINDOWS\System32\SET816.tmp moved successfully.

C:\WINDOWS\System32\SET819.tmp moved successfully.

C:\WINDOWS\System32\SET81B.tmp moved successfully.

C:\WINDOWS\System32\SET821.tmp moved successfully.

C:\WINDOWS\System32\SET824.tmp moved successfully.

C:\WINDOWS\System32\SET828.tmp moved successfully.

C:\WINDOWS\System32\SET82A.tmp moved successfully.

C:\WINDOWS\System32\SET82C.tmp moved successfully.

C:\WINDOWS\System32\SET89F.tmp moved successfully.

C:\WINDOWS\System32\SET8A5.tmp moved successfully.

C:\WINDOWS\System32\SET982.tmp moved successfully.

C:\WINDOWS\System32\SET988.tmp moved successfully.

C:\WINDOWS\System32\SETAB.tmp moved successfully.

C:\WINDOWS\System32\SETAD.tmp moved successfully.

C:\WINDOWS\System32\SETBC.tmp moved successfully.

C:\WINDOWS\003026_.tmp moved successfully.

C:\WINDOWS\003032_.tmp moved successfully.

C:\WINDOWS\003042_.tmp moved successfully.

C:\WINDOWS\003246_.tmp moved successfully.

C:\WINDOWS\006448_.tmp moved successfully.

C:\WINDOWS\006684_.tmp moved successfully.

C:\WINDOWS\msdownld.tmp folder moved successfully.

C:\WINDOWS\SET176F.tmp moved successfully.

C:\WINDOWS\SET4AD.tmp moved successfully.

C:\WINDOWS\SET56F.tmp moved successfully.

C:\WINDOWS\SET658.tmp moved successfully.

C:\WINDOWS\SET77C.tmp moved successfully.

C:\WINDOWS\SET860.tmp moved successfully.

C:\WINDOWS\wininit.tmp moved successfully.

C:\WINDOWS\System32\_003411_.tmp.dll moved successfully.

C:\WINDOWS\System32\_003443_.tmp.dll moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\248c01e28c01af7c folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\Chjw folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\cfgall folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10\Cfg folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\Owner\Application Data\AVG10\cfgall folder moved successfully.

C:\Documents and Settings\Owner\Application Data\AVG10 folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\xml\data folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\xml folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\themes folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\overlays folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\hostilesUpdater\hostiles.txt.18.zip folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\hostilesUpdater folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\.NetworkShare folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\Owner\Application Data\FrostWire folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\history folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Uniblue\Registry Booster2 folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Uniblue folder moved successfully.

C:\Documents and Settings\Owner\Application Data\uTorrent folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 1512950 bytes

->Temporary Internet Files folder emptied: 70726 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32969 bytes

->Flash cache emptied: 84 bytes

User: Guest

->Temp folder emptied: 582155 bytes

->Temporary Internet Files folder emptied: 1021467 bytes

->FireFox cache emptied: 5302124 bytes

->Opera cache emptied: 311434 bytes

->Flash cache emptied: 405 bytes

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 6986951 bytes

->Opera cache emptied: 4358765 bytes

->Flash cache emptied: 456 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32483170 bytes

User: Owner

->Temp folder emptied: 7748848 bytes

->Temporary Internet Files folder emptied: 24906384 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 48598630 bytes

->Google Chrome cache emptied: 7989810 bytes

->Opera cache emptied: 411000976 bytes

->Flash cache emptied: 7167 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 864115 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2135434260 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 21857 bytes

Total Files Cleaned = 2,565.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Guest

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.2 log created on 01202011_165539

Files\Folders moved on Reboot...

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\05WXIM5I\background_button_green_full[2].png moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\05WXIM5I\list-item-plus[1].png moved successfully.

File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_600.dat not found!

File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!

Registry entries deleted on Reboot...


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
