I'm new to this kind of community, so I don't know what to do. I've been trying for months now. I'm having the same problem: sometimes my taskbar changes to classic, then you cannot connect to the internet and the sound is disabled. If I restart it, it goes back to normal, but eventually my taskbar will change to classic again.

I followed what is said in user punitmanik's thread (http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/363540) up to the Combofix. When I ran the Combofix, it said that "rootkit activity was detected and reboot is needed". Please, if you can find time to help, I'd gladly appreciate it. Thanks.


This is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:12 PM, on 6/3/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.windowsue.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsue.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Windows uE
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: BrotherSoft Extreme - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBrot.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [EPSON Stylus T10 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE /FU "C:\Windows\Temp\E_S87.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306873887328
O17 - HKLM\System\CCS\Services\Tcpip\..\{65AFADF2-7BCE-4943-A604-86EEE9493910}: NameServer = 210.4.2.61 202.78.117.7
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8134 bytes

We can't offer assistance until we see ALL the logs. You shouldn't have run Combofix without first being PERSONALLY told to do so. It is not for use with all infections, only specific infections. We can't advise about what a log might have said without first seeing that log.
You seem to be using P2P programs, the easiest way to get a serious infection. BitTorrent shows in the HJT log. Uninstall it and all other P2P programs before going further.

Please post ALL logs.

I'm really sorry for my ignorance. I will now read the guidelines and will post all logs.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-03 22:35:05
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: nvhzjqe1.exe; Driver: C:\Windows\Temp\fxddapoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4400BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB4400A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB4458902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 89DDB1D8
Device \Driver\atapi \Device\Ide\IdePort1 89DDB1D8
Device \Driver\atapi \Device\Ide\IdePort2 89DDB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-19 89DDB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 89DDB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 89DDB1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 89E4C1D8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89E4B1D8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

GMER two

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-03 22:39:27
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD5000AAKS-00UU3A0 rev.01.03B01
Running: nvhzjqe1.exe; Driver: C:\Windows\Temp\fxddapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BC0 805037D4 8 Bytes [1C, E8, 3D, B4, 74, E8, 3D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2BCC 805037E0 4 Bytes JMP BE00EC22
.text ntkrnlpa.exe!ZwCallbackReturn + 2BFC 80503810 8 Bytes [C4, E8, 3D, B4, C6, E7, 3D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C0C 80503820 4 Bytes JMP F956EC62
.text ntkrnlpa.exe!ZwCallbackReturn + 2CFC 80503910 8 Bytes [4C, E8, 3D, B4, 9C, E8, 3D, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4EB4 4 Bytes CALL B43DD335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEC2 5 Bytes JMP B44542BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C17F8 5 Bytes JMP B4455D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF984 7 Bytes JMP B4458906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6FAE3A0, 0x585395, 0xE8000020]
.text USBPORT.SYS!DllUnload B6F4980C 5 Bytes JMP 89BF11B8
.text win32k.sys!EngFreeUserMem + 674 BF80BB6A 5 Bytes JMP B43DFCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810293 5 Bytes JMP B43DFBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 757E BF8238B7 5 Bytes JMP B43DEF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF833898 5 Bytes JMP B43DFE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3213 BF836413 5 Bytes JMP B43E0040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + C7BA BF83F9BA 5 Bytes JMP B43DFB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 44B7 BF84C303 5 Bytes JMP B43DFF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 415A BF885EC6 5 Bytes JMP B43DF32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 1899 BF8A5890 5 Bytes JMP B43DEE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 5972 BF8A9969 5 Bytes JMP B43DFD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 4033 BF8ADEF1 5 Bytes JMP B43DF1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 40BE BF8ADF7C 5 Bytes JMP B43DF352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 45FA BF8AE4B8 5 Bytes JMP B43DEFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + A168 BF8B4026 5 Bytes JMP B43DEE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + D14B BF8C1EE7 5 Bytes JMP B43DFC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C35B4 5 Bytes JMP B43DF06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 2B41 BF8E1AEF 5 Bytes JMP B43DF0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 2DC1 BF8E1D6F 5 Bytes JMP B43DF114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B5F BF8F2C27 5 Bytes JMP B43DEDB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF911381 5 Bytes JMP B43DEF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF911F55 5 Bytes JMP B43DF034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC2 BF9148AF 5 Bytes JMP B43DF46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF942257 5 Bytes JMP B43DFEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 00380A08
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 00380804
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 00380600
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 003801F8
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 003803FC
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[904] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE[1048] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002B03FC
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 00370A08
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 00370804
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 00370600
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 003701F8
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 003703FC
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1156] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C

.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00500600
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002B03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!SetUnhandledExceptionFilter 7C8447B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1556] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[1556] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[1556] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1556] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1556] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1556] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1556] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[1900] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 002B03FC
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001701F8
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001703FC
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C867DCC 1 Byte [62]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] USER32.dll!UnhookWindowsHookEx 77D4F22E 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] USER32.dll!SetWindowsHookExW 77D53DEA 5 Bytes JMP 003F0804
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] USER32.dll!SetWindowsHookExA 77D611F1 5 Bytes JMP 003F0600
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] USER32.dll!SetWinEventHook 77D617D0 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] USER32.dll!UnhookWinEvent 77D61885 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00501014
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00500804
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00500A08
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00500C0C

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6763

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

6/3/2011 11:30:48 PM
mbam-log-2011-06-03 (23-30-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 183704
Time elapsed: 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\0JBN3QC8\aeznbyf[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\0JBN3QC8\bb6[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\0JBN3QC8\zeyfwn[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\9VVYTU5S\fwmbexpc[1].png (Worm.Conficker) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\A3Z1ZOMZ\jzvouw[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\A3Z1ZOMZ\lbshjbm[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\A3Z1ZOMZ\qrpe[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\NNAHQP0Z\afyjlumu[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\NNAHQP0Z\xlriqih[1].bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uwhnk.dll (Worm.Conficker) -> Delete on reboot.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Administrator at 23:32:42 on 2011-06-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1279 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEBS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682
uWindow Title = Windows Internet Explorer provided by Windows uE
mDefault_Page_URL = hxxp://www.windowsue.com
mStart Page = hxxp://www.windowsue.com
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\brothersoft_extreme\prxtbBrot.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus T10 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiebs.exe /fu "c:\windows\temp\E_S87.tmp" /EF "HKCU"
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\warkey~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306873887328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: Interfaces\{65AFADF2-7BCE-4943-A604-86EEE9493910} : NameServer = 210.4.2.61 202.78.117.7
TCP: Interfaces\{7CAFD246-5584-4F81-AAD7-E489C4A628B8} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C5F9631D-A846-4886-87CB-B9B02808281E} : DhcpNameServer = 210.4.2.61 202.78.117.7
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vgv5h33i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrotherSoft Extreme Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2776682&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q=
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2011-5-28 25105]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-28 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-28 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-28 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-3 366640]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-3 22712]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-3 39984]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 GarenaPEngine;GarenaPEngine;c:\windows\temp\PQX37.tmp [2011-5-31 25616]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
.
=============== Created Last 30 ================
.
2011-06-04 04:27:57 -------- d-----w- c:\program files\VideoLAN
2011-06-04 03:42:43 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-06-04 03:42:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-04 03:42:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-04 03:42:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 03:42:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-04 03:31:20 -------- d-----w- c:\documents and settings\administrator\local settings\application data\BitTorrentBar
2011-06-03 22:56:53 -------- d-----w- c:\program files\ESET
2011-06-03 19:54:42 -------- d-----w- c:\program files\Warkeys
2011-06-03 19:27:10 -------- d-----w- c:\program files\Garena
2011-06-03 19:14:49 -------- d-----w- c:\program files\Warcraft III Reign of Chaos & The Frozen Throne
2011-06-02 20:45:21 -------- d-----w- c:\documents and settings\administrator\application data\AMPSoft
2011-06-02 14:12:17 -------- d-----w- c:\windows\system32\directx
2011-06-02 14:12:15 -------- d-----w- c:\windows\Logs
2011-06-01 04:30:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-01 04:30:18 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-01 04:29:52 -------- d-----w- c:\program files\iPod
2011-06-01 04:29:50 -------- d-----w- c:\program files\iTunes
2011-06-01 04:29:50 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-01 04:29:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-06-01 04:29:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-06-01 04:29:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-06-01 04:29:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-06-01 04:29:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-06-01 04:28:56 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2011-06-01 04:28:32 -------- d-----w- c:\program files\Bonjour
2011-06-01 04:27:42 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2011-05-31 21:11:52 -------- d-----w- c:\documents and settings\administrator\application data\bizarre creations
2011-05-31 20:59:39 1892184 ----a-w- c:\windows\system32\d3dx9_42.dll
2011-05-31 20:53:29 737280 ----a-w- c:\windows\system32\msidcrl40.dll
2011-05-31 20:52:06 14311680 ----a-w- c:\windows\system32\xlive.dll
2011-05-31 20:33:53 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-05-31 20:33:53 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-05-31 20:33:53 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-05-31 20:33:52 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-05-31 20:33:52 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-05-31 20:25:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\BrotherSoft_Extreme
2011-05-31 20:25:40 -------- d-----w- c:\program files\BrotherSoft_Extreme
2011-05-31 20:25:03 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CAPCOM
2011-05-31 20:15:50 -------- d-----w- c:\documents and settings\administrator\application data\GetRightToGo
2011-05-31 19:56:21 -------- d-----w- c:\documents and settings\administrator\application data\2K Sports
2011-05-31 17:18:56 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2011-05-31 15:21:39 -------- d-----w- C:\TEMP
2011-05-31 15:00:18 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-05-29 14:31:47 -------- d-----w- c:\documents and settings\administrator\application data\mjusbsp
2011-05-29 14:27:18 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-29 14:27:10 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-29 03:45:05 282624 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
2011-05-29 03:44:06 -------- d-----w- c:\documents and settings\all users\application data\UDL
2011-05-29 03:42:32 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-05-29 03:42:32 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-05-29 03:42:32 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-05-29 03:42:32 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-05-29 03:42:32 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-05-29 03:42:16 -------- d-----w- c:\program files\EPSON
2011-05-29 03:41:41 -------- d-----w- c:\documents and settings\all users\application data\EPSON
2011-05-29 03:41:38 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2011-05-29 03:41:34 86528 ----a-w- c:\windows\system32\E_FLBEBS.DLL
2011-05-29 03:41:34 78848 ----a-w- c:\windows\system32\E_FD4BEBS.DLL
2011-05-29 02:40:45 -------- d-----w- c:\program files\Conduit
2011-05-29 02:40:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Conduit
2011-05-29 02:40:44 -------- d-----w- c:\program files\ConduitEngine
2011-05-29 02:40:44 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ConduitEngine
2011-05-29 02:40:39 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2011-05-29 02:39:27 -------- d-----w- c:\documents and settings\administrator\application data\BitTorrent
2011-05-29 02:20:12 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-28 23:31:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 09:07:55 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2011-05-28 06:17:08 -------- d-----w- c:\windows\system32\Lang
2011-05-28 06:15:01 69632 ----a-r- c:\windows\ALCMTR.EXE
2011-05-28 06:15:01 -------- d-----w- c:\windows\system32\RTCOM
2011-05-28 06:12:51 25105 ----a-r- c:\windows\system32\drivers\iteraid.sys
2011-05-28 06:12:04 126720 ----a-r- c:\windows\system32\drivers\b57xp32.sys
2011-05-28 06:11:50 -------- d-----w- c:\program files\Broadcom
2011-05-28 06:10:06 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-05-28 06:10:04 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-05-28 06:10:01 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-05-28 06:10:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-05-28 06:07:24 -------- d-----w- c:\program files\SuperUtility
2011-05-28 06:07:18 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-05-28 06:07:18 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-05-28 06:07:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-05-28 06:07:18 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-05-28 06:07:18 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-05-28 06:07:18 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-05-28 06:07:12 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-05-28 06:07:12 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-05-28 06:03:26 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-05-28 06:02:52 1409 ----a-w- c:\windows\QTFont.for
2011-05-28 05:58:04 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-05-28 05:58:02 234112 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-28 05:58:00 234112 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-28 05:58:00 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-28 05:57:48 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-28 05:55:38 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-28 05:55:29 40112 ----a-w- c:\windows\avastSS.scr
2011-05-28 05:55:20 -------- d-----w- c:\program files\AVAST Software
2011-05-28 05:55:20 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2011-05-31 20:32:54 716153 ----a-w- c:\windows\system32\unins000.exe
2011-05-28 04:27:47 69632 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-28 04:18:04 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-03-09 12:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 23:33:40.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/27/2011 11:18:18 PM
System Uptime: 6/3/2011 10:15:49 PM (1 hours ago)
.
Motherboard: | | Glenwood
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_0CC1105B&REV_02\4&1AF1648C&0&30F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_0CC1105B&REV_02\4&1AF1648C&0&30F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
BrotherSoft Extreme Toolbar
Camera RAW Plug-In for EPSON Creativity Suite
Conduit Engine
Connect
DirectX10 RC2 Pre Fix 3
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan Assistant
EPSON Stylus S20_T10_T20 Manual
EPSON Stylus T10 Series Printer Uninstall
EPSON Web-To-Page
Garena 2010
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
Java(TM) SE Runtime Environment 6
kuler
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
Microsoft .NET Framework 2.0 with Security Updates
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
Nero 7.5.9.0A
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
QuickTime
QuickTime Alternative 1.76
Real Alternative 1.51 Lite
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Suite Shared Configuration CS4
SuperUtility
VLC media player 1.1.9
Warcraft III Reign of Chaos & The Frozen Throne
Warkeys 1.18.1.0b
Winamp AudioPlayer
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/3/2011 8:21:40 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2011 8:21:35 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/3/2011 2:29:55 PM, error: Service Control Manager [7000] - The GGSAFER Driver service failed to start due to the following error: The system cannot find the path specified.
6/1/2011 9:38:00 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
6/1/2011 8:26:43 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/1/2011 12:50:08 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00016CC98585 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/1/2011 11:13:40 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/1/2011 1:07:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00016CC98585 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/31/2011 9:55:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00016CC98586 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/31/2011 5:35:49 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00016CC98586 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/31/2011 4:05:50 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
5/31/2011 4:05:50 PM, error: SideBySide [59] - Generate Activation Context failed for E:\Battlefield Bad Company 2\BFBC2Game.exe. Reference error message: The operation completed successfully. .
5/31/2011 4:05:50 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
5/31/2011 2:55:48 PM, error: SideBySide [59] - Generate Activation Context failed for E:\New Folder\New Folder (2)\New Folder (3)\New Folder\Battlefield Bad Company 2\BFBC2Game.exe. Reference error message: The operation completed successfully. .
5/30/2011 7:12:53 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00016CC98586 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/30/2011 6:36:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00016CC98585 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
5/30/2011 5:36:35 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2011 5:36:35 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/30/2011 5:36:35 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
5/30/2011 5:36:35 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/30/2011 4:58:28 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00016CC98585 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/28/2011 6:00:36 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/28/2011 1:08:00 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
5/27/2011 11:18:26 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
.
==== End Of File ===========================

Here are all the logs. I hope you can help me. I really can't work because of this virus. Thank you

I see no combofix log. You said you ran that. Where do you see info about a rootkit?

i did, after the scan it said "Rootkit Activity found, please reboot" so i rebooted. where do i see the combofix log? should i run it again?

just to give you further information.. my computer is protected by avast.. and oftentimes.. it pops up that it has blocked "Win32/x" classified as : sometimes Win32: Confi [Wrm] or Win32:Malware-gen or Win32: Rootkit-gen [Rtk]

also.. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 is flooded with jpeg , png , bitmap files that are considered high risk threats by my anti virus... if i clean it.. it slowly comes back again.

where do i see the combofix log? should i run it again?
You see, here is the problem with running a program like combofix without first being told to do so. You obviously didn't read the instructions for running it when you read whatever thread you found it in.
The combofix log will be found at C:\ComboFix.txt.

Absolutely DO NOT run it again unless I tell you to run it, leave it on the desktop and don't touch it unless I tell you to do so. That also is stated clearly in the instructions given to those we ASK to run combofix.

i'm really sorry. i don't have the combofix log.. i must have done something wrong.. i'm sorry.. i was so desperate to fix my computer that's why i followed what you said to the other user.. i'll gladly obey whatever you say now. what should i do now sir?

What did you do with the combofix log?

it's not in C:/Combofix log. I don't know.. When it said that "Rootkit activity found, reboot the system" i restarted it.

I am experiencing exactly the same problems where, after a while of being on, my xp will change the startbar style, the sound mixer will become unusable and some sites I try to go to from google.com do not get displayed (browsers will connect to the site but not display the html). I noticed, as I have firefox set up to reload my last tabs, that if I encounter this browsing problem, then closing ff and reopening it will successfully show the site.

I recently ran ComboFix to fix an error with my hosts file as I had the redirecting virus. If it would help I could post my ComboFix log. I am eager to find the cause of this problem as it is seriously perplexing me and causing me to have to restart my pc whenever I want to change sound levels. I don't see any foreign process running in taskbar.

As I was typing this I was downloading and running MalwareBytes and apparently it was blocking access to a malicious site (208.73.210.29) - this was while firefox was open. Curiously, I am not experiencing site display issues if I use Chrome. Could this virus be firefox specific? I'm pretty sure the taskbar and sound fail even though firefox is not actively running though.

Sabre2th, you need to begin your own thread and not post in somebody else's thread. Please do not run combofix without first being asked to do so. Follow the steps given in our Read Me First sticky and then create your own thread with the requested logs.

try downloading malwarebytes, running a full deep scan, and see if that works. if not, AVGFULLINTERNETSEcURITY has a function that should remove this, and maybe try avast!'s PUP scan.

If you had read the full thread you would have seen the poster already has run MBA-M on Jun 3rd, 2011

i had the same problem and i still have it...but i found a way to turn it off...
"wscntfy.exe" is the problem, turn it off, but not the system process, turn it off in your user name if you know what i mean...example:
wscntfy.exe SYSTEM
wscntfy.exe David
turn off the "David" one...do not touch the system process...i don't know how effective that is but i noticed my sound doesn't go away when i turn it off...and if the taskbar changes to classic just task kill explorer.exe and then turn it on again, it should get your bar back to normal...about blocking internet, the virus is in internet temporary files. u can't delete it, it's probably somewhere in registers and i didn't find where yet...i only found that wscntfy.exe is a problem (not the system one)...
once a long time ago i deleted that virus with anti-malware, thing is i didn't press remove, i just jumped to the location and deleted by hand, and later deleted it from trash and the problem was solved, now it won't work like that. I am still checking this out, if the virus is still going to block my internet when i turned off wscntfy.exe, btw turn off all suspicious in registers in RUN section...if u found some other better way how to get rid of it, please post it here. Also try registrybooster, download it from pirates bay, it will delete all errors from registers. good luck
