[RESOLVED] Malware Zoo

101 posts in this topic

Post #1

Win XP SP3 on Dell Dimension

Computer: has a 'Malware Protection' infection; IE autostarts at boot; music autostarts at boot; browser redirects; won't restart (shuts down the desktop and logs off but doesn't restart); has a boot-up warning from Avast, "Unauthorized change to program file"; Windows Firewall prompts about IE activity.

Logs (MBAM run in Safe Mode; I chose not to have MBAM repair the System Restore infections)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6644

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

5/22/2011 9:19:41 PM

mbam-log-2011-05-22 (21-19-41).txt

Scan type: Full scan (C:\|)

Objects scanned: 230785

Time elapsed: 23 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\patti orchowski\application data\Sun\Java\deployment\cache\6.0\8\4ef70688-4098fa49 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\documents and settings\patti orchowski\local settings\Temp\10.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\documents and settings\patti orchowski\local settings\Temp\F.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\documents and settings\patti orchowski\local settings\Temp\jar_cache986586296043204120.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP715\A0064989.exe (Rogue.Installer.Gen) -> Not selected for removal.

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP715\A0067019.exe (Rogue.FakeHDD) -> Not selected for removal.

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP715\A0067061.exe (Rogue.FakeHDD) -> Not selected for removal.

c:\documents and settings\all users\application data\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-22 22:53:58

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000005c WDC_WD800JD-75MSA3 rev.10.01E04

Running: 7yn2yncm.exe; Driver: C:\DOCUME~1\PATTIO~1\LOCALS~1\Temp\fxddapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF31FF202]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF3265CB2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF32236C1]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF320181C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF3201874]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF320198A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF3223075]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF3201772]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF32018C4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF32017C6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF3201938]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF31FF226]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF3223D87]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF322403D]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF3201C0E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF3223BF2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF3223A5D]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF3265D62]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF31FEFF0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF31FF24A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF3201D82]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF31FFCDA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF320184C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF320189C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF32019B4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF32233D1]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF320179E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF3201A46]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF3201904]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF32017F4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF3201B2A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF3201962]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF3265DFA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF32238D8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF31FFBA0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF322372A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF326EE48]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF32226E8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF31FF26E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF31FF292]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF31FF04A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF31FF186]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF3223E8E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF31FF162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF31FF1AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF31FF2B6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 26, 22, F3]

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL F3200335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

? cbbtkts.sys The system cannot find the file specified. !

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C44360, 0x2456AE, 0xE8000020]

.text ipnat.sys F319F000 20 Bytes [FF, 01, 74, 1F, 39, 7D, 18, ...]

.text ipnat.sys F319F015 55 Bytes CALL F319E9F8 \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation)

.text ipnat.sys F319F04D 16 Bytes [FF, 56, FF, 75, 1C, FF, 75, ...]

.text ipnat.sys F319F05F 34 Bytes [39, 5D, 10, 6A, 44, 58, 89, ...]

.text ipnat.sys F319F083 10 Bytes JMP F319F339 \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation)

.text ...

.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP F3202CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP F3202BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP F3201F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP F3202E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP F3203040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP F3202B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP F3201FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP F32021AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP F3202352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP F3201E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP F3202C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP F3202F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP F320232A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP F3201E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP F3202D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP F320206A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP F32020DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP F3202114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP F3201DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP F3201F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP F3202034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP F320246C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP F3202EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\smss.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\alg.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\alg.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\alg.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\alg.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\alg.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\csrss.exe[672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[672] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003201F8

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003203FC

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00320600

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00330804

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00330A08

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00330600

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003301F8

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003303FC

.text C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\lsass.exe[760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\Explorer.EXE[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\Explorer.EXE[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\Explorer.EXE[1136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC

.text C:\WINDOWS\Explorer.EXE[1136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600

.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804

.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08

.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600

.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8

.text C:\WINDOWS\Explorer.EXE[1136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\spoolsv.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\spoolsv.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\spoolsv.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\spoolsv.exe[1428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\spoolsv.exe[1428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\spoolsv.exe[1428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\spoolsv.exe[1428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\spoolsv.exe[1428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\spoolsv.exe[1428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\cisvc.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\cisvc.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\cisvc.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\cisvc.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\cisvc.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\cisvc.exe[1544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\cisvc.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\cisvc.exe[1544] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\cisvc.exe[1544] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\cisvc.exe[1544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\system32\nvsvc32.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804

.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08

.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600

.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\system32\nvsvc32.exe[1668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\RUNDLL32.EXE[2168] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8

.text C:\Program Files\Java\jre6\bin\jusched.exe[2176] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\WINDOWS\stsystra.exe[2220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\WINDOWS\stsystra.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\stsystra.exe[2220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\WINDOWS\stsystra.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\stsystra.exe[2220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804

.text C:\WINDOWS\stsystra.exe[2220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08

.text C:\WINDOWS\stsystra.exe[2220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600

.text C:\WINDOWS\stsystra.exe[2220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\stsystra.exe[2220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\stsystra.exe[2220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0111000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0057000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0056000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0058000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0059000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0053000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00DD64C0

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2280] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00DD66C0

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

.text C:\Program Files\QuickTime\qttask.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Program Files\QuickTime\qttask.exe[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\QuickTime\qttask.exe[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Program Files\QuickTime\qttask.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\QuickTime\qttask.exe[2352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804

.text C:\Program Files\QuickTime\qttask.exe[2352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08

.text C:\Program Files\QuickTime\qttask.exe[2352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600

.text C:\Program Files\QuickTime\qttask.exe[2352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8

.text C:\Program Files\QuickTime\qttask.exe[2352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\Program Files\QuickTime\qttask.exe[2352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2540] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8

.text C:\Program Files\Dell Support\DSAgnt.exe[2828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D5000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CC000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CB000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CD000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00D3000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C9000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00DD64C0

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00DD66C0

.text C:\WINDOWS\system32\ctfmon.exe[2916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8

.text C:\WINDOWS\system32\ctfmon.exe[2916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[2916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC

.text C:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00500804

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00500A08

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00500600

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005001F8

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005003FC

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00511014

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00510804

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00510A08

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00510C0C

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00510E10

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005101F8

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005103FC

.text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00510600

.text C:\WINDOWS\system32\svchost.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[3264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[3264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[3264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[3264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[3264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[3264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[3264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[3264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[3264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\wuauclt.exe[3408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8

.text C:\WINDOWS\system32\wuauclt.exe[3408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\wuauclt.exe[3408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC

.text C:\WINDOWS\system32\wuauclt.exe[3408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\wuauclt.exe[3408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\wuauclt.exe[3408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\wuauclt.exe[3408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\wuauclt.exe[3408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\wuauclt.exe[3408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\wuauclt.exe[3408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8

.text C:\Documents and Settings\Patti Orchowski\Desktop\7yn2yncm.exe[3608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ipnat.sys[HAL.dll!KfLowerIrql] 840F1C45

IAT \SystemRoot\system32\DRIVERS\ipnat.sys[HAL.dll!KeGetCurrentIrql] 000003E0

IAT \SystemRoot\system32\DRIVERS\ipnat.sys[HAL.dll!KfRaiseIrql] 8B24758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 006D0002

IAT C:\WINDOWS\system32\services.exe[744] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 006D0000

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Disk \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 F760D8B0

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F7667000-F7671000 (40960 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:144] 85F06E7A

Thread System [4:148] 85F09008

Thread System [4:440] F766C440

Thread System [4:444] F766C440

Thread System [4:484] F760E710

Thread System [4:488] F760E710

---- EOF - GMER 1.0.15 ----

MBR

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 123):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF7487000 cbbtkts.sys

0xF7358000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7347000 pci.sys

0xF7497000 isapnp.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF74A7000 MountMgr.sys

0xF7328000 ftdisk.sys

0xF74B7000 \WINDOWS\system32\drivers\CLASSPNP.SYS

0xF770F000 PartMgr.sys

0xF74C7000 VolSnap.sys

0xF72C6000 nvata.sys

0xF74D7000 disk.sys

0xF72A6000 fltmgr.sys

0xF7294000 sr.sys

0xF727E000 DRVMCDB.SYS

0xF74E7000 PxHelp20.sys

0xF7267000 KSecDD.sys

0xF71DA000 Ntfs.sys

0xF71AD000 NDIS.sys

0xF7193000 Mup.sys

0xF75B7000 \SystemRoot\system32\DRIVERS\processr.sys

0xF5C44000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF5C30000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF775F000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF5C0C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7767000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF75C7000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF7A29000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0xF75D7000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF75E7000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF5BE9000 \SystemRoot\system32\DRIVERS\ks.sys

0xF75F7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

0xF5BC1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7BA5000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF6355000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF713B000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF5BAA000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF6345000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF6335000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF776F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF5B99000 \SystemRoot\system32\DRIVERS\psched.sys

0xF6325000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7777000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF777F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF6315000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7787000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF778F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7A2B000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF5B3B000 \SystemRoot\system32\DRIVERS\update.sys

0xF7133000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF5A28000 \SystemRoot\system32\drivers\sthda.sys

0xF5A04000 \SystemRoot\system32\drivers\portcls.sys

0xF6305000 \SystemRoot\system32\drivers\drmk.sys

0xF62F5000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF62E5000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7A33000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7943000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF7A3B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7A8C000 \SystemRoot\System32\Drivers\Null.SYS

0xF7A3D000 \SystemRoot\System32\Drivers\Beep.SYS

0xF77A7000 \SystemRoot\System32\Drivers\DLARTL_N.SYS

0xF77AF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF77B7000 \SystemRoot\System32\drivers\vga.sys

0xF7A3F000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7A41000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF77BF000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF77C7000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF794F000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF340C000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF33B3000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF62C5000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xF319E000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF338B000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF77EF000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xF3369000 \SystemRoot\System32\drivers\afd.sys

0xF7627000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF333E000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF32CE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF7647000 \SystemRoot\System32\Drivers\Fips.SYS

0xF325C000 \SystemRoot\System32\Drivers\aswSP.SYS

0xF31EC000 \SystemRoot\System32\Drivers\aswSnx.SYS

0xF7857000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xF76E7000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF7817000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF63A6000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF6BE4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF784F000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF797F000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF716F000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF6B74000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xBF800000 \SystemRoot\System32\win32k.sys

0xF31E4000 \SystemRoot\System32\drivers\Dxapi.sys

0xF7837000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7AC1000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBA530000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xF76F7000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xF7B93000 \SystemRoot\System32\DLA\DLADResN.SYS

0xBA4AA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0xBA50C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0xF7A13000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0xF779F000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0xBA492000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0xBA47C000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0xF77D7000 \??\C:\WINDOWS\system32\ZDCNDIS5.sys

0xBA4F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB9A85000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xB9A39000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xB99E4000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB9784000 \SystemRoot\system32\DRIVERS\srv.sys

0xB95B7000 \SystemRoot\system32\drivers\wdmaud.sys

0xB9644000 \SystemRoot\system32\drivers\sysaudio.sys

0xB90F8000 \SystemRoot\System32\Drivers\HTTP.sys

0xF605C000 \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

0xB8367000 \??\C:\DOCUME~1\PATTIO~1\LOCALS~1\Temp\fxddapow.sys

0xB833C000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):

0 System Idle Process

4 System

460 C:\WINDOWS\system32\smss.exe

672 csrss.exe

696 C:\WINDOWS\system32\winlogon.exe

744 C:\WINDOWS\system32\services.exe

760 C:\WINDOWS\system32\lsass.exe

968 C:\WINDOWS\system32\svchost.exe

1036 svchost.exe

1100 C:\WINDOWS\system32\svchost.exe

1200 svchost.exe

1280 svchost.exe

1428 C:\WINDOWS\system32\spoolsv.exe

1508 svchost.exe

1544 C:\WINDOWS\system32\cisvc.exe

1668 C:\WINDOWS\system32\nvsvc32.exe

660 alg.exe

1136 C:\WINDOWS\explorer.exe

2168 C:\WINDOWS\system32\rundll32.exe

2176 C:\Program Files\Java\jre6\bin\jusched.exe

2200 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

2220 C:\WINDOWS\stsystra.exe

2228 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

2276 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

2280 C:\Program Files\Internet Explorer\iexplore.exe

2332 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

2352 C:\Program Files\QuickTime\qttask.exe

2540 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

2536 C:\Program Files\AVAST Software\Avast\AvastUI.exe

2828 C:\Program Files\Dell Support\DSAgnt.exe

2856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2916 C:\WINDOWS\system32\ctfmon.exe

2928 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

3264 C:\WINDOWS\system32\svchost.exe

3408 C:\WINDOWS\system32\wuauclt.exe

3676 C:\WINDOWS\system32\cidaemon.exe

3444 C:\Program Files\Internet Explorer\iexplore.exe

3992 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

3232 C:\Documents and Settings\Patti Orchowski\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Dell MBR code detected

SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E

Done!

DDS

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Run by Patti Orchowski at 22:56:16 on 2011-05-22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.493 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Documents and Settings\Patti Orchowski\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070510

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [ieswqMPFEaliD] c:\documents and settings\all users\application data\ieswqMPFEaliD.exe

uRun: [Malware Protection] c:\documents and settings\all users\application data\defender.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\patti orchowski\application data\mozilla\firefox\profiles\3wa5gux2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\documents and settings\patti orchowski\application data\mozilla\firefox\profiles\3wa5gux2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\patti orchowski\application data\mozilla\firefox\profiles\3wa5gux2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\documents and settings\patti orchowski\application data\mozilla\firefox\profiles\3wa5gux2.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-22 307928]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-22 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-22 42184]

R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2010-6-23 20736]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\pattio~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\pattio~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\pattio~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\pattio~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-10 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]

S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [2010-6-24 519168]

.

=============== Created Last 30 ================

.

2011-05-22 23:51:21 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-22 23:51:10 40112 ----a-w- c:\windows\avastSS.scr

2011-05-22 23:51:02 -------- d-----w- c:\program files\AVAST Software

2011-05-22 23:51:02 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-05-22 23:06:44 54016 ----a-w- c:\windows\system32\drivers\imsl.sys

2011-05-22 22:57:07 -------- d-----w- c:\documents and settings\patti orchowski\application data\Malwarebytes

2011-05-22 22:57:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-22 22:57:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-22 22:56:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-22 22:34:47 -------- d-----w- c:\documents and settings\patti orchowski\application data\SUPERAntiSpyware.com

2011-05-22 22:34:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-05-22 22:11:45 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-05-22 22:11:45 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\0000005c

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF760D8B0]<<

_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0xf7613904]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x85F63AB8]

3 CLASSPNP[0xF74B7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x85CE39F0]

\Driver\Disk[0x85D18618] -> IRP_MJ_CREATE -> 0xF760D8B0

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

user & kernel MBR OK

.

============= FINISH: 22:57:15.29 ===============

Can't find the DDS Attach file...

Thanks!



Post #: 2   Posted

Any particular reason why you ran MBAM from Safe Mode?

If there is no reason, please re-run it from normal mode and post the new log.

You can checkmark those system restore points as well.

Can't find the DDS Attach file...

Re-run DDS.

============================================================================

Download aswMBR to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

============================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

=================================================================

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



Post #: 3   Posted

MBAM wouldn't run in normal mode. It might now that it did some minor cleaning, I'll check.

Want me to re-run DDS before I start next round?



Post #: 4   Posted

It really doesn't matter which one goes first.

I just want to have Attach.txt at some point.



Post #: 5   Posted

Attach.txt - Run before any further cleaning...

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/9/2007 1:05:21 PM

System Uptime: 5/22/2011 9:21:00 PM (2 hours ago)

.

Motherboard: Dell Inc | | 0UW457

Processor: AMD Athlon 64 X2 Dual Core Processor 3600+ | Socket M2 | 1904/1000mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 51.405 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP667: 2/23/2011 5:51:24 AM - System Checkpoint

RP668: 2/24/2011 2:02:17 PM - System Checkpoint

RP669: 2/25/2011 2:43:52 PM - System Checkpoint

RP670: 2/26/2011 4:14:35 PM - System Checkpoint

RP671: 3/1/2011 5:19:09 PM - System Checkpoint

RP672: 3/2/2011 9:15:14 PM - System Checkpoint

RP673: 3/5/2011 2:35:19 PM - System Checkpoint

RP674: 3/7/2011 8:53:26 AM - System Checkpoint

RP675: 3/9/2011 6:04:44 AM - System Checkpoint

RP676: 3/10/2011 5:47:50 AM - Software Distribution Service 3.0

RP677: 3/11/2011 5:40:02 PM - System Checkpoint

RP678: 3/14/2011 4:37:30 PM - System Checkpoint

RP679: 3/15/2011 8:14:19 AM - Software Distribution Service 3.0

RP680: 3/16/2011 9:38:59 AM - System Checkpoint

RP681: 3/18/2011 9:02:11 PM - Software Distribution Service 3.0

RP682: 3/23/2011 10:16:00 AM - System Checkpoint

RP683: 3/24/2011 7:45:37 PM - System Checkpoint

RP684: 3/27/2011 3:02:21 PM - Software Distribution Service 3.0

RP685: 3/29/2011 7:55:13 PM - System Checkpoint

RP686: 3/30/2011 8:01:49 PM - System Checkpoint

RP687: 3/31/2011 8:32:59 PM - System Checkpoint

RP688: 4/2/2011 5:57:03 PM - System Checkpoint

RP689: 4/3/2011 8:02:13 PM - System Checkpoint

RP690: 4/5/2011 5:33:42 PM - System Checkpoint

RP691: 4/6/2011 8:13:43 PM - System Checkpoint

RP692: 4/15/2011 8:29:39 PM - System Checkpoint

RP693: 4/16/2011 6:02:25 PM - Software Distribution Service 3.0

RP694: 4/17/2011 7:58:55 PM - System Checkpoint

RP695: 4/19/2011 7:54:46 PM - System Checkpoint

RP696: 4/22/2011 4:30:12 PM - System Checkpoint

RP697: 4/23/2011 7:12:23 PM - System Checkpoint

RP698: 4/24/2011 8:10:01 PM - System Checkpoint

RP699: 4/28/2011 7:23:31 PM - System Checkpoint

RP700: 4/30/2011 10:04:02 AM - Software Distribution Service 3.0

RP701: 5/1/2011 10:29:19 AM - System Checkpoint

RP702: 5/2/2011 6:03:09 PM - System Checkpoint

RP703: 5/4/2011 9:09:19 AM - System Checkpoint

RP704: 5/7/2011 5:12:11 PM - System Checkpoint

RP705: 5/9/2011 6:00:12 AM - System Checkpoint

RP706: 5/10/2011 6:06:15 AM - System Checkpoint

RP707: 5/11/2011 6:08:45 AM - System Checkpoint

RP708: 5/12/2011 7:06:15 AM - System Checkpoint

RP709: 5/13/2011 7:54:15 AM - System Checkpoint

RP710: 5/14/2011 8:55:20 AM - System Checkpoint

RP711: 5/15/2011 10:06:15 AM - System Checkpoint

RP712: 5/16/2011 11:06:45 AM - System Checkpoint

RP713: 5/17/2011 11:54:15 AM - System Checkpoint

RP714: 5/18/2011 12:54:15 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2

Advanced WindowsCare 2.55 Personal

AuthorWorks

avast! Free Antivirus

Broadcom Management Programs

Coupon Printer for Windows

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 2.7

Dell CinePlayer

Dell Support 3.2.1

Dell System Restore

ExamView Pro

Google Desktop

Google Earth

Google Photos Screensaver

Google Toolbar for Firefox

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

High Definition Audio Driver Package - KB835221

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 13

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

LimeWire 4.18.8

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel Viewer

Microsoft Office Professional Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.5.19)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NVIDIA Drivers

OLYMPUS Master 2

OpenOffice.org Installer 1.0

PDF-XChange PDF Viewer

PH Literature Bronze TTP

PH Literature Silver TTP

Picasa 3

QuickTime

RenWeb.com

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sonic Activation Module

Sonic Update Manager

Spelling Dictionaries Support For Adobe Reader 9

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

Vocabulary Workshop - Test Generator Level B

Vocabulary Workshop - Test Generator Level C

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

5/22/2011 9:21:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi nvatabus nvraid PCIIde SASDIFSV SASKUTIL

5/22/2011 8:55:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

5/22/2011 8:45:36 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

5/22/2011 8:42:35 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/22/2011 8:39:34 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/22/2011 6:58:02 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

5/22/2011 5:57:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips nvatabus nvraid Processor SASDIFSV SASKUTIL

5/22/2011 5:52:59 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

5/22/2011 5:52:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

5/22/2011 5:52:39 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The system cannot find the file specified.

5/22/2011 5:52:39 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/22/2011 5:52:39 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/22/2011 5:52:39 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/22/2011 5:52:39 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The system cannot find the file specified.

5/22/2011 5:52:39 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

5/22/2011 5:52:39 PM, error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the file specified.

5/22/2011 5:52:39 PM, error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The system cannot find the file specified.

5/22/2011 5:52:39 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.

5/22/2011 5:52:39 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.

5/22/2011 5:52:39 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.

5/22/2011 5:52:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00188B622558 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

5/22/2011 5:52:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/22/2011 5:27:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT nvatabus nvraid Processor RasAcd Rdbss Tcpip

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/22/2011 5:27:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

5/22/2011 5:25:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

5/22/2011 5:14:03 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

5/22/2011 5:13:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

5/22/2011 5:12:21 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

5/22/2011 5:11:24 PM, error: Service Control Manager [7022] - The McAfee Firewall Core Service service hung on starting.

5/22/2011 5:11:24 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

5/22/2011 5:11:24 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

5/22/2011 5:11:24 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

5/22/2011 5:11:24 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

5/22/2011 5:10:00 PM, error: Print [6161] - The document file://C:\RenWeb\RenWeb.com\RWUserFiles\Report.HTM owned by Patti Orchowski failed to print on printer hp deskjet 960c. Data type: NT EMF 1.008. Size of the spool file in bytes: 387144. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DESKTOP. Win32 error code returned by the print processor: 259 (0x103).

5/21/2011 11:33:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

5/21/2011 11:32:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/19/2011 6:30:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

.

==== End Of File ===========================

Proceeding now with instructions...



Post #: 6   Posted

Cool :)



Post #: 7   Posted

TDSS Killer won't open...

aswMBR

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-22 23:32:17

-----------------------------

23:32:17.984 OS Version: Windows 5.1.2600 Service Pack 3

23:32:17.984 Number of processors: 2 586 0x6B01

23:32:17.984 ComputerName: DESKTOP UserName:

23:32:18.359 Initialize success

23:32:24.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c

23:32:24.750 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3

23:32:26.812 Disk 0 MBR read successfully

23:32:26.812 Disk 0 MBR scan

23:32:26.812 Disk 0 unknown MBR code

23:32:28.843 Disk 0 scanning sectors +156232125

23:32:28.906 Disk 0 scanning C:\WINDOWS\system32\drivers

23:32:47.437 Service scanning

23:32:48.453 Disk 0 trace - called modules:

23:32:48.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf760d8b0]<<

23:32:48.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f63ab8]

23:32:48.484 3 CLASSPNP.SYS[f74b7fd7] -> nt!IofCallDriver -> [0x85ce39f0]

23:32:48.484 \Driver\Disk[0x85d18618] -> IRP_MJ_CREATE -> 0xf760d8b0

23:32:48.484 Scan finished successfully

23:33:16.609 Disk 0 MBR has been saved successfully to "E:\Orchowski\MBR.dat"

23:33:16.625 The log file has been saved successfully to "E:\Orchowski\aswMBR.txt"

RK Unhooker

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.48 )

0xF5C44000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3960832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.48 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1859584 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF5A28000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)

0xF71DA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF31EC000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)

0xF32CE000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF5B3B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF33B3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB9784000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xF325C000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)

0xB90F8000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB99E4000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF71AD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB8271000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xF333E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF5BC1000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xF338B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF319E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes

0xB9A39000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF5A04000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF5C0C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF5BE9000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF3369000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF72A6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7193000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF72C6000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce IDE Performance Driver)

0xB8367000 C:\DOCUME~1\PATTIO~1\LOCALS~1\Temp\fxddapow.sys 102400 bytes

0xBA492000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)

0xB9A85000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xF7267000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF5BAA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xBA4AA000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xBA47C000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xF727E000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)

0xB95B7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF5C30000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF340C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7294000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF5B99000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF75F7000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)

0xF76E7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF75D7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF6305000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF75E7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB9644000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF62E5000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7487000 cbbtkts.sys 57344 bytes

0xF74B7000 C:\WINDOWS\system32\drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF6355000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF6335000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xB8CD8000 C:\DOCUME~1\PATTIO~1\LOCALS~1\Temp\aswMBR.sys 45056 bytes

0xF7647000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF75C7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF74A7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF6345000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

!!!!!!!!!!!Hidden driver: 0xF7667000 4153369904 40960 bytes

0xF62C5000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0xF76F7000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)

0xF7497000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF62F5000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF6315000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF74D7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF74D7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF6BE4000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF6325000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF7627000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB8BA0000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF75B7000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF74E7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF6B74000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF77C7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF784F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF7767000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF779F000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)

0xF77AF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF772F000 C:\DOCUME~1\PATTIO~1\LOCALS~1\Temp\mbr.sys 28672 bytes

0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7817000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF7857000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xF77A7000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)

0xF7787000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF778F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF77B7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF77D7000 C:\WINDOWS\system32\ZDCNDIS5.sys 24576 bytes (ZDC., Inc. (ZDC), ZDC NDIS 5.0 SPR Protocol Driver)

0xF77EF000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0xF77BF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7777000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF777F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF776F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF775F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF7837000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xBA50C000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)

0xF716F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7133000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xBA4F8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA530000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF31E4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF63A6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7943000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xF797F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF713B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF794F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7A3D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7A29000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)

0xF7A13000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)

0xF605C000 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 8192 bytes (GTek Technologies Ltd., Process Trigger Driver)

0xF7A3B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7A3F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7A41000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7A2B000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7A33000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7BA5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7B93000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7AC1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7A8C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF760D8B0 unknown_irp_handler 1872 bytes

==============================================

>Stealth

==============================================

0x85F03A91 Unknown page with executable code, 1391 bytes

0xF76086EC Unknown page with executable code, 2324 bytes

0xF7609F03 Unknown page with executable code, 253 bytes

0xF760C520 Unknown page with executable code, 2784 bytes

0x85F02288 Unknown page with executable code, 3448 bytes

0x85F04191 Unknown page with executable code, 3695 bytes

0xF74C7000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes

0xF7609DC1 Unknown page with executable code, 575 bytes

0x85F06E7A Unknown thread object [ ETHREAD 0x85F78DA8 ] TID: 144, 600 bytes

0x85F09008 Unknown thread object [ ETHREAD 0x85F78B30 ] TID: 148, 600 bytes

0x85F080DE Unknown thread object [ ETHREAD 0x85F49DA8 ] , 600 bytes

0x85F06B45 Unknown thread object [ ETHREAD 0x85F49B30 ] , 600 bytes

0xF766C440 Unknown thread object [ ETHREAD 0x85BF4860 ] TID: 440, 600 bytes

0xF766C440 Unknown thread object [ ETHREAD 0x85C1FDA8 ] TID: 444, 600 bytes

0xF760E710 Unknown thread object [ ETHREAD 0x85C9F6F8 ] TID: 484, 600 bytes

0xF760E710 Unknown thread object [ ETHREAD 0x85CD78B8 ] TID: 488, 600 bytes

0x85F08CDC Unknown page with executable code, 804 bytes



Post #: 8   Posted

Yeah, TDSSKiller won't run because the VolSnap.sys file is rootkited.

This is going to take some time.

I worked on a similar issue recently, but it was on Windows 7, which has plenty of replacement files.

It looks like the MBR is messed up as well.

Let's see if Combofix will be willing to take care of a rootkit.

BTW, do you have a Windows XP CD?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.

    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.

Use AppRemover to uninstall it: http://www.appremover.com/

We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.

If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.

Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com

Rkill.scr

Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
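The indicators the helper reads off the RkUnhooker and aswMBR logs above (a hidden driver, the "virus alike" modification of VolSnap.sys, a driver loaded from the user's Temp folder, and an IRP_MJ_CREATE handler that belongs to no loaded module) can be pulled out mechanically. The script below is an added example, not code from the thread or from either tool; the parsing regexes and the TOOL_DRIVERS allowlist are my own assumptions about the log layout, and the sample lines are excerpted from the logs posted above.

```python
"""Triage an RkUnhooker driver table plus an aswMBR disk-stack trace (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# "0xF7487000 cbbtkts.sys 57344 bytes (Vendor, Desc)"; RkUnhooker omits the
# parenthesised part when the image carries no version resource (assumed layout).
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S.*?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$")
HIDDEN_RE = re.compile(r"^!+Hidden driver:\s+0x([0-9A-Fa-f]{8})\s+\S+\s+(\d+)\s+bytes")
MODIFIED_RE = re.compile(r"WARNING: Virus alike driver modification \[([^\]]+)\]")
# aswMBR trace line: "\Driver\Disk[0x85d18618] -> IRP_MJ_CREATE -> 0xf760d8b0"
IRP_RE = re.compile(r"(IRP_MJ_\w+)\s+->\s+0x([0-9A-Fa-f]{8})")
IMAGE_SUFFIXES = (".sys", ".dll", ".exe")
# Assumed allowlist: drivers the scan tools themselves drop into Temp while running.
TOOL_DRIVERS = {"aswmbr.sys", "mbr.sys", "normandy.sys"}

@dataclass
class Driver:
    base: int
    path: str
    size: int
    info: Optional[str]   # None when the image carried no version resource
    hidden: bool = False

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

def parse_drivers(lines):
    """Collect loaded images (and hidden ones) with their address ranges."""
    drivers = []
    for raw in lines:
        line = raw.strip()
        m = HIDDEN_RE.match(line)
        if m:
            drivers.append(Driver(int(m.group(1), 16), "<hidden driver>",
                                  int(m.group(2)), None, hidden=True))
            continue
        m = DRIVER_RE.match(line)
        # Keep real image files only; this drops pseudo-modules (PnpManager,
        # unknown_irp_handler) and the WARNING lines that share the layout.
        if m and m.group(2).lower().endswith(IMAGE_SUFFIXES):
            drivers.append(Driver(int(m.group(1), 16), m.group(2),
                                  int(m.group(3)), m.group(4)))
    return drivers

def resolve(addr, drivers):
    """Return the driver whose image range covers addr, or None."""
    return next((d for d in drivers if d.contains(addr)), None)

def triage(lines):
    """Return (category, detail) findings in discovery order."""
    drivers = parse_drivers(lines)
    findings = []
    for d in drivers:
        if d.hidden:
            findings.append(("hidden_driver", f"0x{d.base:08X} ({d.size} bytes)"))
        elif d.name in TOOL_DRIVERS:
            continue
        elif "\\temp\\" in d.path.lower():
            findings.append(("driver_loaded_from_temp", d.path))
        elif d.info is None:
            # Weak signal: legitimate drivers (ipnat.sys here) can also lack version info.
            findings.append(("no_version_info", d.path))
    for raw in lines:
        m = MODIFIED_RE.search(raw)
        if m:
            findings.append(("modified_driver", m.group(1)))
        for m in IRP_RE.finditer(raw):
            addr = int(m.group(2), 16)
            owner = resolve(addr, drivers)
            where = f"{m.group(1)} -> 0x{addr:08X}"
            if owner is None:
                # A dispatch routine in no loaded image is the footprint of a disk-stack hook.
                findings.append(("irp_handler_outside_modules", where))
            elif owner.hidden or owner.info is None:
                findings.append(("irp_handler_in_suspect_module", f"{where} ({owner.path})"))
    return findings

# Lines excerpted from the RkUnhooker and aswMBR logs posted above.
SAMPLE_LOG = """\
0xF75F7000 C:\\WINDOWS\\system32\\DRIVERS\\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8367000 C:\\DOCUME~1\\PATTIO~1\\LOCALS~1\\Temp\\fxddapow.sys 102400 bytes
0xB8CD8000 C:\\DOCUME~1\\PATTIO~1\\LOCALS~1\\Temp\\aswMBR.sys 45056 bytes
0xF7487000 cbbtkts.sys 57344 bytes
0xF319E000 C:\\WINDOWS\\system32\\DRIVERS\\ipnat.sys 155648 bytes
!!!!!!!!!!!Hidden driver: 0xF7667000 4153369904 40960 bytes
0xF74C7000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0xF760D8B0 unknown_irp_handler 1872 bytes
23:32:48.484 \\Driver\\Disk[0x85d18618] -> IRP_MJ_CREATE -> 0xf760d8b0
""".splitlines()

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

On the excerpt above the handler at 0xF760D8B0 falls in no listed image, not even the hidden one at 0xF7667000, which matches what aswMBR reported as >>UNKNOWN<<.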



Post #: 9   Posted

BSOD when running CF. Stop Error: 0X0C5

Have not tried to re-run from Safe Mode. What do you want me to do?

BTW, I downloaded CF onto a flash drive from another computer and copied it to the infected computer desktop - FYI.



Post #: 10   Posted

OK, I'm going to give you some instructions, because bed time is coming here.

Try to follow my Combofix instructions, starting at:

If, for some reason, Combofix refuses to run, try one of the following:

You didn't say if you have a Windows XP CD.

Also, because we may need to reset the MBR at some point and this is a Dell computer, I need to know if the guy has any recovery CD.

In Dell's case, if you reset MBR, you won't be able to access recovery partition anymore.

In Windows XP, it's fixable, but it's a painful process.

I'll be up for another 15 minutes, so please answer my questions BEFORE trying Combofix.



Post #: 11   Posted

Was just getting ready to run CF in Safe Mode - let me know if okay to do so.

I have XP disk but not for this computer.

I do not know if the owner has recovery disks...



Post #: 12   Posted

OK. Hold on for a sec...



Post #: 13   Posted

We won't be resetting MBR yet, so try to find out by tomorrow about that recovery CD.

Now go ahead with rKIll and Combofix from Safe Mode.

Let me know, as soon as you find out, if it runs. That's all I need to know.

If it does, reviewing its log will happen tomorrow after work.



Post #: 14   Posted

CF appears to be running...created new System Restore point anyway! No RKILL necessary at this point.

Go to bed, it's d/ling the Recovery Console so I think we have a go...

Scanning now...

Good night!



Post #: 15   Posted

Good job :)

When it finishes, look at its log.

If at the beginning it'll say something about replacing the VolSnap.sys file, it'll be a good sign.

Good night :)



Post #: 16   Posted

The instance of CF that was running last night didn't complete - hung at stage 37... I let it run all night, but the computer was locked this AM.

Downloaded a fresh copy of CF and ran it in Safe Mode (couldn't get CF or any version of RKill to run in Normal Mode).

CF Log

ComboFix 11-05-22.02 - Patti Orchowski 05/23/2011 10:38:43.2.2 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.772 [GMT -5:00]

Running from: c:\documents and settings\Patti Orchowski\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Patti Orchowski\WINDOWS

c:\windows\system32\config\odetmngk

.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))

.

.

2011-05-23 15:34 . 2011-05-23 15:36 -------- d-----w- C:\32788R22FWJFW.0.tmp

2011-05-23 15:17 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2011-05-23 01:53 . 2011-05-23 01:54 -------- d-----w- c:\documents and settings\Administrator

2011-05-22 23:51 . 2011-05-23 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-22 23:51 . 2011-05-22 23:51 -------- d-----w- c:\program files\AVAST Software

2011-05-22 23:48 . 2011-05-22 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-05-22 23:06 . 2011-05-22 23:06 54016 ----a-w- c:\windows\system32\drivers\imsl.sys

2011-05-22 22:57 . 2011-05-22 22:57 -------- d-----w- c:\documents and settings\Patti Orchowski\Application Data\Malwarebytes

2011-05-22 22:57 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-22 22:57 . 2011-05-22 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-22 22:56 . 2011-05-22 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-22 22:34 . 2011-05-22 22:34 -------- d-----w- c:\documents and settings\Patti Orchowski\Application Data\SUPERAntiSpyware.com

2011-05-22 22:34 . 2011-05-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-22 22:11 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-05-22 22:11 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-10 17:51 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-10 17:51 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-03 14:36 . 2007-10-02 02:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-03 30192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-08 282624]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-02-22 54576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

.

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\PATTIO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\PATTIO~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\PATTIO~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\PATTIO~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:40 PM 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/10/2007 10:42 AM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:40 PM 135664]

S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [6/24/2010 11:46 AM 519168]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-23 23:14]

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:40]

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

LSP: mswsock.dll

FF - ProfilePath - c:\documents and settings\Patti Orchowski\Application Data\Mozilla\Firefox\Profiles\3wa5gux2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-ieswqMPFEaliD - c:\documents and settings\All Users\Application Data\ieswqMPFEaliD.exe

HKCU-Run-Malware Protection - c:\documents and settings\All Users\Application Data\defender.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-23 10:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2144)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\stsystra.exe

.

**************************************************************************

.

Completion time: 2011-05-23 10:52:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-23 15:52

.

Pre-Run: 57,063,178,240 bytes free

Post-Run: 56,445,870,080 bytes free

.

- - End Of File - - 0C1C7493E645919B6FDCF28470ECD404



Post #: 17   Posted

Owner (neighbor) does not have recovery disks but does not care about the recovery partition, i.e., it's ok to wipe out the Dell partition...



Post #: 18   Posted

MBAM ran in normal mode; all it found was those three System Restore points...

TDSS still won't run...

Computer now shuts down and re-starts properly...

MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6644

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/23/2011 1:43:04 PM

mbam-log-2011-05-23 (13-43-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 215830

Time elapsed: 22 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP715\A0064989.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP715\A0067019.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP715\A0067061.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.



Post #: 19   Posted

Just got home.

I'm pretty sure we still have an issue with the rootkited VolSnap.sys file.

Re-run RKUnhooker to make sure. Post the log.

Also, let's see if we have any healthy copy of that file...

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Use the following settings:

  • Check Scan All Users.
  • For Processes choose none.
  • For Modules choose none.
  • For Services choose none.
  • For Drivers choose none.
  • For Standard Registry choose none.
  • For Extra Registry choose none.
  • For Files Created Within choose none.
  • For Files Modified Within choose none.
  • Under Custom Scans/Fixes paste:

/md5start
VolSnap.sys
/md5stop

  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.



Post #: 20   Posted

I'm pretty sure we still have an issue with the rootkited VolSnap.sys file.

Yep - I haven't connected it back to the internet yet...

RK Log

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.48 )

0xF6D5C000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3960832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.48 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1859584 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF5DF0000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)

0xF71DA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF14AC000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0xF2A18000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6C53000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF2B2D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB9C47000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xB956B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB9CEF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF71AD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB9090000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xF2A88000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF6CD9000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xF2B05000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF5DCC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6D24000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF6D01000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF2AE3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF72A6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7193000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF72C6000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce IDE Performance Driver)

0xF72FA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xBA5D2000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7267000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6CC2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xBA5EA000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xBA5BC000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xF727E000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)

0xB9A02000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6D48000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF2B86000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7294000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6CB1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF75C7000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)

0xEF1DA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF75A7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7507000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF75B7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB9AAF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF6B9A000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF63B5000 4153370580 57344 bytes

0xF63B5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 57344 bytes

0xF74A7000 C:\WINDOWS\system32\drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF75D7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF74B7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF76C7000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xF75F7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF6385000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7597000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF75E7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF2459000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)

0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF7517000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7617000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF74C7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF76A7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF7607000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF63A5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF7637000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF7587000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF74D7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF7657000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7867000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF780F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF773F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF778F000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)

0xF784F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF788F000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)

0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7847000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)

0xF775F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7767000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7857000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7837000 C:\WINDOWS\system32\ZDCNDIS5.sys 24576 bytes (ZDC., Inc. (ZDC), ZDC NDIS 5.0 SPR Protocol Driver)

0xF785F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF774F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7757000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7747000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7737000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xEF036000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF1057000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)

0xF105F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF714F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF364A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7963000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF63D9000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF797B000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xF63D5000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7157000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF716F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7A09000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF79BB000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)

0xF79A1000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7997000 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 8192 bytes (GTek Technologies Ltd., Process Trigger Driver)

0xF7A07000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7A0B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7A0D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF79BD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF79FF000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7A9F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7A9C000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7B66000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7B96000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x85F12A91 Unknown page with executable code, 1391 bytes

0x85F15F14 Unknown page with executable code, 236 bytes

0x85F11288 Unknown page with executable code, 3448 bytes

0x85F13191 Unknown page with executable code, 3695 bytes

0x85F1602C Unknown page with executable code, 4052 bytes

0xF74B7000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes

0x85F14DC6 Unknown page with executable code, 570 bytes

0x85F15E7A Unknown thread object [ ETHREAD 0x85EEC4E8 ] TID: 140, 600 bytes

0x85F18008 Unknown thread object [ ETHREAD 0x85EEC270 ] TID: 144, 600 bytes

0x85F170DE Unknown thread object [ ETHREAD 0x85FBA020 ] , 600 bytes

0x85F15B45 Unknown thread object [ ETHREAD 0x85FBAAA0 ] , 600 bytes

0x85F17CDC Unknown page with executable code, 804 bytes

OTL Log

OTL logfile created on: 5/23/2011 6:34:37 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Patti Orchowski\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 687.96 Mb Available Physical Memory | 71.78% Memory free

2.26 Gb Paging File | 2.11 Gb Available in Paging File | 93.16% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.46 Gb Total Space | 52.57 Gb Free Space | 73.58% Space Free | Partition Type: NTFS

Drive E: | 7.45 Gb Total Space | 6.24 Gb Free Space | 83.72% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Patti Orchowski | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: VOLSNAP.SYS >

[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys

[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys

[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys

< End of report >



Post #: 21   Posted

Very good.

We have some healthy copies.

Restart computer

When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.

You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.

(If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.)

You must enter which Windows installation to log onto. Type 1 and press enter.

It will then prompt you for the Administrator's password. If there is no password, simply press Enter.

You should get a black screen with a C:\>Windows prompt.


Type the bolded text below and press Enter:

copy C:\WINDOWS\ServicePackFiles\i386\volsnap.sys C:\WINDOWS\system32\drivers\volsnap.sys (<---- watch for "spaces")

(If it asks you if you are sure then say "Y".)

Reboot computer.

Post new RKUnhooker log.
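The OTL custom scan in post #19 and the reading of its output in post #21 (the installed driver cannot be hashed, the ServicePackFiles copy from the same build can replace it) follow a fixed pattern, so here is an added example that automates it. This is not code from the thread and not part of OTL; the parser, the function names and the replacement rule (a backup is acceptable only if it has the same size and modification time as the installed copy, and all such backups agree on their MD5) are this example's own assumptions. The sample lines are copied from the OTL report in post #20.

```python
"""Added example (not from this thread, and not part of OTL): parse the
'< MD5 for: ... >' section of an OTL custom-scan log and work out whether the
installed driver can be trusted and which backup copy could replace it.
Function and variable names are this example's own."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the VOLSNAP.SYS lines copied from the OTL report
# posted above.
SAMPLE_OTL = r"""
========== Custom Scans ==========
< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys
< End of report >
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# The live driver lives here; every other listed copy is treated as a backup.
INSTALLED_DIR = "\\system32\\drivers\\"


@dataclass
class FileEntry:
    path: str
    mtime: str
    size: int
    company: str
    md5: Optional[str]  # None when OTL reported "Unable to obtain MD5"


def parse_md5_sections(text: str) -> Dict[str, List[FileEntry]]:
    """Return {FILENAME: [entries]} for every '< MD5 for: >' block in the log."""
    sections: Dict[str, List[FileEntry]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("< End of report >"):
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current is not None and entry:
            sections[current].append(FileEntry(
                path=entry.group("path"),
                mtime=entry.group("mtime"),
                size=int(entry.group("size").replace(",", "")),
                company=entry.group("company"),
                md5=entry.group("md5").upper() if entry.group("md5") else None,
            ))
    return sections


def installed_copy(entries: List[FileEntry]) -> Optional[FileEntry]:
    """The entry under system32\\drivers, or None if the log has none."""
    return next((e for e in entries if INSTALLED_DIR in e.path.lower()), None)


def assess(entries: List[FileEntry]) -> str:
    """Verdict on the installed copy, judged against the backup copies."""
    inst = installed_copy(entries)
    if inst is None:
        return "NO-INSTALLED-COPY: the log lists no file under system32\\drivers"
    if inst.md5 is None:
        return "UNREADABLE: installed copy could not be hashed; treat it as suspect"
    if any(e.md5 == inst.md5 for e in entries if e is not inst):
        return "OK: installed copy has the same MD5 as a backup copy"
    return "MISMATCH: installed copy matches none of the backup copies"


def choose_replacement(entries: List[FileEntry]) -> Optional[str]:
    """Pick the backup that belongs to the same build as the installed file.
    Heuristic (an assumption of this example): same size and same modification
    time as the installed copy, and all such backups must agree on their MD5."""
    inst = installed_copy(entries)
    if inst is None:
        return None
    same_build = [e for e in entries if e is not inst and e.md5
                  and e.size == inst.size and e.mtime == inst.mtime]
    if not same_build or len({e.md5 for e in same_build}) != 1:
        return None  # nothing from the right build, or the backups disagree
    return same_build[0].path


if __name__ == "__main__":
    for name, entries in parse_md5_sections(SAMPLE_OTL).items():
        print(f"{name}: {assess(entries)}")
        print(f"  replacement source: {choose_replacement(entries)}")
```

On the sample above the verdict is UNREADABLE for the installed volsnap.sys and the suggested source is the ServicePackFiles\i386 copy, which is the file the instructions above copy from the Recovery Console. The two 2004 copies are ignored on purpose: they are the pre-SP3 build and would not match the installed file's size/time signature even though they hash identically to each other.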



Post #: 22   Posted

RK Log

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.48 )

0xF6B0C000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3960832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.48 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1859584 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF644D000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)

0xF71DA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF3810000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0xF388B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6A03000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF3970000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB9977000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xB92EB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xB9A47000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF71AD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF38FB000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF6A89000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xF3948000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF6429000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6AD4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF6AB1000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF3926000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF72A6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7193000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF72C6000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce IDE Performance Driver)

0xF72FA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xBA532000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7267000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6A72000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xBA54A000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xBA51C000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xF727E000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)

0xB96BA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6AF8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF39C9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7294000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6A61000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF7687000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)

0xF75A7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7667000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF76E7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF7677000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB9A94000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF7507000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7527000 4153354196 57344 bytes

0xF7527000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 57344 bytes

0xF74A7000 C:\WINDOWS\system32\drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7697000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF74B7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF7577000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xF76B7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF7557000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7657000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF76A7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF3A99000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)

0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF76F7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF76D7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF74C7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF7567000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF76C7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF7537000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB98E7000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF7647000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF74D7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF7597000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7737000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF773F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF7847000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7767000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)

0xF788F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7747000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)

0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7887000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)

0xF7867000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF786F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF771F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7777000 C:\WINDOWS\system32\ZDCNDIS5.sys 24576 bytes (ZDC., Inc. (ZDC), ZDC NDIS 5.0 SPR Protocol Driver)

0xF772F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7857000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF785F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF784F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF783F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF774F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xBA5EC000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)

0xF6EE7000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF796B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xBA594000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7937000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF6EF3000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7167000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xF6EEF000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF795F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF715F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF79BF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF79A9000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)

0xF79CB000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7A19000 C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 8192 bytes (GTek Technologies Ltd., Process Trigger Driver)

0xF79BD000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF79C1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF79C3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF79AB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF79B5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7BCF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7B27000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7ABE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7B88000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================



Post #: 23   Posted

Perfect!

See if TDSSKiller will run now.



Post #: 24   Posted

We have liftoff...

2011/05/23 20:07:36.0906 2644 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/23 20:07:36.0921 2644 ================================================================================

2011/05/23 20:07:36.0921 2644 SystemInfo:

2011/05/23 20:07:36.0921 2644

2011/05/23 20:07:36.0921 2644 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/23 20:07:36.0921 2644 Product type: Workstation

2011/05/23 20:07:36.0921 2644 ComputerName: DESKTOP

2011/05/23 20:07:36.0921 2644 UserName: Patti Orchowski

2011/05/23 20:07:36.0921 2644 Windows directory: C:\WINDOWS

2011/05/23 20:07:36.0921 2644 System windows directory: C:\WINDOWS

2011/05/23 20:07:36.0921 2644 Processor architecture: Intel x86

2011/05/23 20:07:36.0921 2644 Number of processors: 2

2011/05/23 20:07:36.0921 2644 Page size: 0x1000

2011/05/23 20:07:36.0921 2644 Boot type: Normal boot

2011/05/23 20:07:36.0921 2644 ================================================================================

2011/05/23 20:07:37.0218 2644 Initialize success

2011/05/23 20:07:42.0671 2660 ================================================================================

2011/05/23 20:07:42.0671 2660 Scan started

2011/05/23 20:07:42.0671 2660 Mode: Manual;

2011/05/23 20:07:42.0671 2660 ================================================================================

2011/05/23 20:07:42.0968 2660 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/05/23 20:07:43.0046 2660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/23 20:07:43.0093 2660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/23 20:07:43.0140 2660 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/05/23 20:07:43.0203 2660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/23 20:07:43.0265 2660 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/05/23 20:07:43.0328 2660 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/05/23 20:07:43.0375 2660 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/05/23 20:07:43.0406 2660 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/05/23 20:07:43.0453 2660 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/05/23 20:07:43.0484 2660 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/05/23 20:07:43.0531 2660 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/05/23 20:07:43.0546 2660 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/05/23 20:07:43.0578 2660 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/05/23 20:07:43.0593 2660 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/05/23 20:07:43.0640 2660 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/05/23 20:07:43.0656 2660 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/05/23 20:07:43.0671 2660 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/05/23 20:07:43.0734 2660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/23 20:07:43.0765 2660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/23 20:07:43.0921 2660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/23 20:07:44.0031 2660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/23 20:07:44.0109 2660 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/05/23 20:07:44.0187 2660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/23 20:07:44.0218 2660 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/05/23 20:07:44.0234 2660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/23 20:07:44.0265 2660 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/05/23 20:07:44.0281 2660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/23 20:07:44.0312 2660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/23 20:07:44.0359 2660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/23 20:07:44.0421 2660 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/05/23 20:07:44.0453 2660 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/05/23 20:07:44.0484 2660 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/05/23 20:07:44.0515 2660 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/05/23 20:07:44.0546 2660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/23 20:07:44.0609 2660 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/05/23 20:07:44.0625 2660 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/05/23 20:07:44.0640 2660 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

2011/05/23 20:07:44.0656 2660 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/05/23 20:07:44.0671 2660 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/05/23 20:07:44.0687 2660 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/05/23 20:07:44.0703 2660 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2011/05/23 20:07:44.0718 2660 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/05/23 20:07:44.0734 2660 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/05/23 20:07:44.0796 2660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/23 20:07:44.0859 2660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/23 20:07:44.0890 2660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/23 20:07:44.0953 2660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/23 20:07:45.0031 2660 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/05/23 20:07:45.0062 2660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/23 20:07:45.0093 2660 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/05/23 20:07:45.0109 2660 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/05/23 20:07:45.0296 2660 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

2011/05/23 20:07:45.0406 2660 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/05/23 20:07:45.0484 2660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/23 20:07:45.0593 2660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/23 20:07:45.0703 2660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/23 20:07:45.0734 2660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/23 20:07:45.0765 2660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/23 20:07:45.0812 2660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/23 20:07:45.0843 2660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/23 20:07:45.0890 2660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/23 20:07:45.0968 2660 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/23 20:07:46.0015 2660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/23 20:07:46.0062 2660 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/05/23 20:07:46.0125 2660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/23 20:07:46.0156 2660 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/05/23 20:07:46.0203 2660 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/05/23 20:07:46.0234 2660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/23 20:07:46.0265 2660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/23 20:07:46.0328 2660 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/05/23 20:07:46.0343 2660 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/23 20:07:46.0390 2660 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/23 20:07:46.0437 2660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/23 20:07:46.0453 2660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/23 20:07:46.0500 2660 IpNat (030e7ce8d1053f15a8c04f0b8d0cd4cb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/23 20:07:46.0531 2660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/23 20:07:46.0562 2660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/23 20:07:46.0687 2660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/23 20:07:46.0703 2660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/23 20:07:46.0781 2660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/23 20:07:46.0812 2660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/23 20:07:46.0843 2660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/23 20:07:46.0906 2660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/23 20:07:46.0937 2660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/23 20:07:46.0953 2660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/23 20:07:47.0000 2660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/23 20:07:47.0031 2660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/23 20:07:47.0078 2660 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/05/23 20:07:47.0140 2660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/23 20:07:47.0218 2660 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/23 20:07:47.0265 2660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/23 20:07:47.0328 2660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/23 20:07:47.0343 2660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/23 20:07:47.0390 2660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/23 20:07:47.0453 2660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/23 20:07:47.0453 2660 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/23 20:07:47.0531 2660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/23 20:07:47.0562 2660 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/23 20:07:47.0578 2660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/23 20:07:47.0593 2660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/23 20:07:47.0656 2660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/23 20:07:47.0671 2660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/23 20:07:47.0703 2660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/23 20:07:47.0734 2660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/23 20:07:47.0765 2660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/23 20:07:47.0937 2660 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/05/23 20:07:48.0031 2660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/23 20:07:48.0250 2660 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/23 20:07:48.0406 2660 nvata (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\drivers\nvata.sys

2011/05/23 20:07:48.0421 2660 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys

2011/05/23 20:07:48.0437 2660 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys

2011/05/23 20:07:48.0484 2660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/23 20:07:48.0515 2660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/23 20:07:48.0578 2660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/23 20:07:48.0593 2660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/23 20:07:48.0625 2660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/23 20:07:48.0625 2660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/23 20:07:48.0656 2660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/23 20:07:48.0687 2660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/23 20:07:48.0765 2660 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/05/23 20:07:48.0812 2660 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/05/23 20:07:48.0890 2660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/23 20:07:48.0906 2660 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/23 20:07:48.0921 2660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/23 20:07:48.0953 2660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/23 20:07:49.0031 2660 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/23 20:07:49.0078 2660 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/05/23 20:07:49.0109 2660 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/05/23 20:07:49.0125 2660 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/05/23 20:07:49.0218 2660 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/05/23 20:07:49.0281 2660 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/05/23 20:07:49.0421 2660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/23 20:07:49.0453 2660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/23 20:07:49.0484 2660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/23 20:07:49.0546 2660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/23 20:07:49.0609 2660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/23 20:07:49.0625 2660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/23 20:07:49.0671 2660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/23 20:07:49.0718 2660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/23 20:07:49.0750 2660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/23 20:07:50.0062 2660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/23 20:07:50.0109 2660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/23 20:07:50.0156 2660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/23 20:07:50.0171 2660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/23 20:07:50.0250 2660 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/05/23 20:07:50.0296 2660 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/05/23 20:07:50.0359 2660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/23 20:07:50.0375 2660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/23 20:07:50.0453 2660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/23 20:07:50.0578 2660 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys

2011/05/23 20:07:50.0656 2660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/23 20:07:50.0671 2660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/23 20:07:50.0718 2660 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/05/23 20:07:50.0750 2660 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/05/23 20:07:50.0765 2660 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/05/23 20:07:50.0875 2660 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/05/23 20:07:50.0968 2660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/23 20:07:51.0109 2660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/23 20:07:51.0187 2660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/23 20:07:51.0234 2660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/23 20:07:51.0296 2660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/23 20:07:51.0343 2660 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/05/23 20:07:51.0375 2660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/23 20:07:51.0406 2660 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/05/23 20:07:51.0484 2660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/23 20:07:51.0562 2660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/23 20:07:51.0625 2660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/23 20:07:51.0687 2660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/23 20:07:51.0750 2660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/23 20:07:51.0812 2660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/23 20:07:51.0828 2660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/23 20:07:51.0875 2660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/23 20:07:51.0921 2660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/23 20:07:51.0984 2660 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/05/23 20:07:52.0000 2660 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/23 20:07:52.0046 2660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/23 20:07:52.0125 2660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/23 20:07:52.0171 2660 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/05/23 20:07:52.0343 2660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/23 20:07:52.0468 2660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/23 20:07:52.0500 2660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/23 20:07:52.0562 2660 ZDCNDIS5 (228ef1572ced753fe18409bb77123204) C:\WINDOWS\system32\ZDCNDIS5.sys

2011/05/23 20:07:52.0640 2660 ZG760_XP (a25a32a5b54b4c57d3d9da90024db37e) C:\WINDOWS\system32\DRIVERS\WlanGZXP.sys

2011/05/23 20:07:52.0703 2660 ================================================================================

2011/05/23 20:07:52.0703 2660 Scan finished

2011/05/23 20:07:52.0703 2660 ================================================================================



Post #: 25   Posted

Very good :)

Give me fresh Combofix log, please.

