
Rootkit Worm?


20 replies to this topic

#1 Cactus John

Cactus John

  • Members
  • 131 posts
  • Gender:Male
  • Location:Rumney, NH

Posted 22 March 2012 - 11:17 AM

It is amazing to me how Windows Update causes so many headaches! Did an update the other day, the computer restarted, and when I came back I no longer had internet access and Avast was going off about a virus/rootkit. Checked my logs on Avast and I have Win32:Sirefef-PL [Rtk], which has about 7 system files in the chest since 2008!

So reading on other forums about how to fix this, I came across the use of ComboFix, TDS, and OTL. I am a repair tech as a hobby, and I am uncomfortable running these programs.

Cannot scan with Malwarebytes/HijackThis as it closes out after I click Scan.
Cannot get the PC online because the rootkit corrupts the TCP/IP stack (cannot repair until removed),
and the kicker: cannot use the CD-ROM drive, which I traced back to the driver being corrupted by this issue.

Any help would be appreciated!

Also, a quick question before we start: can I transfer this over to my laptop by using a flash drive to move files back and forth?


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 22 March 2012 - 11:54 AM

Hi Cactus John,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Yes, if you cannot get on the Internet on the infected computer, please copy any files asked for to a USB drive from a clean computer, and then run them on the infected computer. As a precaution, plug your USB drive into your clean computer, and use Panda USB Vaccine to prevent the malware from infecting your USB drive.

:step1: Download the latest version of TDSSKiller from here and save it to your USB drive, then copy it to the desktop of your infected computer. (If you've downloaded TDSSKiller before, please download a new version, as it is frequently updated.)

  • Double-click on TDSSKiller.exe to run the application. If you cannot get it to run, try renaming it. If that still does not work, reboot the computer into Safe Mode.
  • Click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply. As this infection is known to be bundled with the TDSS rootkit infection, you should also run a program that can be used to scan for this infection.

:step2: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • TDSSkiller log
  • MiniToolBox log
  • FSS log
  • How's the computer running now? Please be as descriptive as possible.

Regards,
Jason

 

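A small triage script for the TDSSKiller log format that step 1 above produces (and that the reply below pastes in full). This is an added example written for this page, not code from BleepingComputer, Kaspersky or the helper. The sample lines are constructed to mirror the posted log, and the verdict string UnsignedFile.Multi.Generic is taken from it; the line-format regexes are an assumption based on the 2.7.x log shown here and may need adjusting for other versions. It checks that the Mode line confirms SigCheck and TDLFS were enabled (the two boxes the instructions ask to tick), then collects every entry that ended in a warning or detection together with its file hash and path, so the handful of flagged lines can be pulled out of several hundred "ok" lines before anyone decides whether a hit deserves Cure or Delete.

```python
"""Triage a TDSSKiller 2.7.x text log: confirm scan flags, pull out warnings/detections.

Added example for this thread; not part of TDSSKiller or of the helper's instructions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample, mirroring the log format pasted later in this thread (not the full log).
SAMPLE_LOG = r"""
13:52:56.0687 1820 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:52:57.0500 1820 MBR used
13:53:04.0546 3492 Mode: Manual; SigCheck; TDLFS;
13:53:04.0703 3492 6to4 (c07d5197410aab28d0d93f943f59656d) F:\WINDOWS\System32\6to4svc.dll
13:53:05.0671 3492 6to4 - ok
13:53:05.0984 3492 aawservice - ok
13:53:17.0906 3492 IDriverT (1cf03c69b49acb70c722df92755c0c8c) F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:53:17.0921 3492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:53:17.0921 3492 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:53:21.0531 3492 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) F:\WINDOWS\system32\drivers\mbamchameleon.sys
13:53:21.0546 3492 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
13:53:21.0546 3492 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
13:53:31.0281 3492 Pml Driver HPZ12 (901c43516504cbe582e4c4193e00876a) F:\WINDOWS\system32\HPZipm12.exe
13:53:31.0281 3492 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:53:31.0281 3492 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with a timestamp and the id of the thread that wrote it.
_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>": the file backing a service/driver entry. Names may contain spaces.
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - warning" and "<name> - detected <verdict> (<count>)"
_WARN = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
_DET = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")
_MODE = re.compile(r"^Mode: (?P<flags>.+)$")

UNSIGNED = "UnsignedFile.Multi.Generic"  # verdict seen in the posted log: file has no digital signature


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"  # "ok", "warning" or "detected"
    verdicts: Set[str] = field(default_factory=set)


def scan_flags(text: str) -> Set[str]:
    """Flags from the 'Mode:' line, e.g. {'Manual', 'SigCheck', 'TDLFS'}."""
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            mm = _MODE.match(m.group("rest").strip())
            if mm:
                return {f.strip() for f in mm.group("flags").split(";") if f.strip()}
    return set()


def missing_flags(text: str, required=("SigCheck", "TDLFS")) -> Set[str]:
    """Which of the requested scan options were NOT enabled (empty set means the scan was run as asked)."""
    return set(required) - scan_flags(text)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Map each service/driver name to its file hash, path and final verdict."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        for rx in (_FILE, _WARN, _DET, _OK):
            hit = rx.match(rest)
            if not hit:
                continue
            e = entries.setdefault(hit.group("name"), Entry(hit.group("name")))
            if rx is _FILE:
                e.md5, e.path = hit.group("md5").lower(), hit.group("path")
            elif rx is _WARN or rx is _DET:
                e.status = "detected" if rx is _DET else "warning"
                e.verdicts.add(hit.group("verdict"))
            elif e.status == "unknown":
                e.status = "ok"
            break  # one pattern per line
    return entries


def flagged(entries: Dict[str, Entry]) -> List[str]:
    """Names that ended in a warning or detection, i.e. what TDSSKiller offers to Skip/Cure/Delete."""
    return [n for n, e in entries.items() if e.status in ("warning", "detected")]


def unsigned_only(entries: Dict[str, Entry]) -> List[str]:
    """Flagged names whose only verdict is the unsigned-file warning (not evidence of a rootkit by itself)."""
    return [n for n in flagged(entries) if entries[n].verdicts == {UNSIGNED}]


def report(text: str) -> str:
    entries = parse_tdsskiller(text)
    out = [f"scan flags: {sorted(scan_flags(text))}  missing: {sorted(missing_flags(text))}",
           f"entries: {len(entries)}  flagged: {len(flagged(entries))}  unsigned-only: {len(unsigned_only(entries))}"]
    for name in flagged(entries):
        e = entries[name]
        out.append(f"  {e.status:8} {name}  md5={e.md5}  path={e.path}  verdict={','.join(sorted(e.verdicts))}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log posted below, every flagged entry is an UnsignedFile.Multi.Generic hit on a third-party component (an InstallShield helper, a Malwarebytes driver, an HP printer component and a few hardware drivers). That verdict only says the file carries no digital signature; it is not evidence of the rootkit on its own, which is exactly why the instructions say to leave such hits at Skip unless told otherwise.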


#3 Cactus John

Cactus John
  • Topic Starter

  • Members
  • 131 posts
  • Gender:Male
  • Location:Rumney, NH

Posted 22 March 2012 - 01:08 PM

Firstly, I must say that with all the posts around the web this week about this guy, I think Windows should release something, since it was the update this week that brought this thing out of dormancy!

PC is running great; didn't have any issues at all with it when it was online early this week, no redirects, no slow speeds, nothing.
I have been gaming on it the last couple of days and it runs just fine; the only issue is the TCP/IP socket is corrupt, so no internet.


13:52:56.0687 1820 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:52:56.0734 1820 ============================================================
13:52:56.0734 1820 Current date / time: 2012/03/22 13:52:56.0734
13:52:56.0734 1820 SystemInfo:
13:52:56.0734 1820
13:52:56.0734 1820 OS Version: 5.1.2600 ServicePack: 3.0
13:52:56.0734 1820 Product type: Workstation
13:52:56.0734 1820 ComputerName: HROTHGAR
13:52:56.0734 1820 UserName: Cactus John
13:52:56.0734 1820 Windows directory: F:\WINDOWS
13:52:56.0734 1820 System windows directory: F:\WINDOWS
13:52:56.0734 1820 Processor architecture: Intel x86
13:52:56.0734 1820 Number of processors: 1
13:52:56.0734 1820 Page size: 0x1000
13:52:56.0734 1820 Boot type: Normal boot
13:52:56.0734 1820 ============================================================
13:52:57.0468 1820 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:52:57.0500 1820 Drive \Device\Harddisk3\DR6 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:52:57.0500 1820 \Device\Harddisk0\DR0:
13:52:57.0500 1820 MBR used
13:52:57.0500 1820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
13:52:57.0500 1820 \Device\Harddisk3\DR6:
13:52:57.0500 1820 MBR used
13:52:57.0500 1820 \Device\Harddisk3\DR6\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3E7DF
13:52:57.0531 1820 Initialize success
13:52:57.0531 1820 ============================================================
13:53:04.0546 3492 ============================================================
13:53:04.0546 3492 Scan started
13:53:04.0546 3492 Mode: Manual; SigCheck; TDLFS;
13:53:04.0546 3492 ============================================================
13:53:04.0703 3492 6to4 (c07d5197410aab28d0d93f943f59656d) F:\WINDOWS\System32\6to4svc.dll
13:53:05.0671 3492 6to4 - ok
13:53:05.0859 3492 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) F:\WINDOWS\system32\drivers\Aavmker4.sys
13:53:05.0906 3492 Aavmker4 - ok
13:53:05.0984 3492 aawservice - ok
13:53:06.0000 3492 Abiosdsk - ok
13:53:06.0015 3492 abp480n5 - ok
13:53:06.0062 3492 ACPI (8fd99680a539792a30e97944fdaecf17) F:\WINDOWS\system32\DRIVERS\ACPI.sys
13:53:06.0734 3492 ACPI - ok
13:53:06.0859 3492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) F:\WINDOWS\system32\drivers\ACPIEC.sys
13:53:07.0015 3492 ACPIEC - ok
13:53:07.0046 3492 adpu160m - ok
13:53:07.0093 3492 aec (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
13:53:07.0218 3492 aec - ok
13:53:07.0265 3492 AFD (322d0e36693d6e24a2398bee62a268cd) F:\WINDOWS\System32\drivers\afd.sys
13:53:07.0390 3492 AFD - ok
13:53:07.0406 3492 Aha154x - ok
13:53:07.0437 3492 aic78u2 - ok
13:53:07.0453 3492 aic78xx - ok
13:53:07.0500 3492 Alerter (a9a3daa780ca6c9671a19d52456705b4) F:\WINDOWS\system32\alrsvc.dll
13:53:07.0625 3492 Alerter - ok
13:53:07.0656 3492 ALG (8c515081584a38aa007909cd02020b3d) F:\WINDOWS\System32\alg.exe
13:53:07.0750 3492 ALG - ok
13:53:07.0781 3492 AliIde - ok
13:53:07.0812 3492 AmdPPM (033448d435e65c4bd72e70521fd05c76) F:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:53:07.0859 3492 AmdPPM - ok
13:53:07.0875 3492 amsint - ok
13:53:07.0921 3492 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) F:\WINDOWS\System32\appmgmts.dll
13:53:08.0046 3492 AppMgmt - ok
13:53:08.0093 3492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) F:\WINDOWS\system32\DRIVERS\arp1394.sys
13:53:08.0234 3492 Arp1394 - ok
13:53:08.0250 3492 asc - ok
13:53:08.0265 3492 asc3350p - ok
13:53:08.0281 3492 asc3550 - ok
13:53:08.0421 3492 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:53:08.0468 3492 aspnet_state - ok
13:53:08.0515 3492 aswFsBlk (0ae43c6c411254049279c2ee55630f95) F:\WINDOWS\system32\drivers\aswFsBlk.sys
13:53:08.0515 3492 aswFsBlk - ok
13:53:08.0562 3492 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) F:\WINDOWS\system32\drivers\aswMon2.sys
13:53:08.0578 3492 aswMon2 - ok
13:53:08.0609 3492 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) F:\WINDOWS\system32\drivers\aswRdr.sys
13:53:08.0609 3492 aswRdr - ok
13:53:08.0671 3492 aswSnx (dcb199b967375753b5019ec15f008f53) F:\WINDOWS\system32\drivers\aswSnx.sys
13:53:08.0718 3492 aswSnx - ok
13:53:08.0765 3492 aswSP (b32873e5a1443c0a1e322266e203bf10) F:\WINDOWS\system32\drivers\aswSP.sys
13:53:08.0781 3492 aswSP - ok
13:53:08.0828 3492 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) F:\WINDOWS\system32\drivers\aswTdi.sys
13:53:08.0843 3492 aswTdi - ok
13:53:08.0890 3492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:53:09.0015 3492 AsyncMac - ok
13:53:09.0031 3492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
13:53:09.0187 3492 atapi - ok
13:53:09.0203 3492 Atdisk - ok
13:53:09.0234 3492 Atmarpc (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:53:09.0359 3492 Atmarpc - ok
13:53:09.0406 3492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) F:\WINDOWS\System32\audiosrv.dll
13:53:09.0531 3492 AudioSrv - ok
13:53:09.0578 3492 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
13:53:09.0687 3492 audstub - ok
13:53:09.0796 3492 avast! Antivirus (4041d31508a2a084dfb42c595854090f) F:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:53:09.0796 3492 avast! Antivirus - ok
13:53:09.0859 3492 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
13:53:10.0000 3492 Beep - ok
13:53:10.0046 3492 BITS (574738f61fca2935f5265dc4e5691314) F:\WINDOWS\system32\qmgr.dll
13:53:10.0234 3492 BITS - ok
13:53:10.0281 3492 Browser (a06ce3399d16db864f55faeb1f1927a9) F:\WINDOWS\System32\browser.dll
13:53:10.0421 3492 Browser - ok
13:53:10.0531 3492 catchme - ok
13:53:10.0578 3492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
13:53:10.0703 3492 cbidf2k - ok
13:53:10.0718 3492 CCDECODE (0be5aef125be881c4f854c554f2b025c) F:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:53:10.0828 3492 CCDECODE - ok
13:53:10.0843 3492 cd20xrnt - ok
13:53:10.0890 3492 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
13:53:11.0031 3492 Cdaudio - ok
13:53:11.0062 3492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
13:53:11.0187 3492 Cdfs - ok
13:53:11.0203 3492 Changer - ok
13:53:11.0250 3492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) F:\WINDOWS\system32\cisvc.exe
13:53:11.0359 3492 CiSvc - ok
13:53:11.0375 3492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) F:\WINDOWS\system32\clipsrv.exe
13:53:11.0484 3492 ClipSrv - ok
13:53:11.0593 3492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:53:11.0687 3492 clr_optimization_v2.0.50727_32 - ok
13:53:11.0750 3492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:53:11.0812 3492 clr_optimization_v4.0.30319_32 - ok
13:53:11.0859 3492 CmdIde - ok
13:53:11.0921 3492 Compbatt (6e4c9f21f0fae8940661144f41b13203) F:\WINDOWS\system32\DRIVERS\compbatt.sys
13:53:12.0031 3492 Compbatt - ok
13:53:12.0046 3492 COMSysApp - ok
13:53:12.0078 3492 Cpqarray - ok
13:53:12.0125 3492 CryptSvc (3d4e199942e29207970e04315d02ad3b) F:\WINDOWS\System32\cryptsvc.dll
13:53:12.0250 3492 CryptSvc - ok
13:53:12.0265 3492 dac2w2k - ok
13:53:12.0296 3492 dac960nt - ok
13:53:12.0359 3492 DcomLaunch (6b27a5c03dfb94b4245739065431322c) F:\WINDOWS\system32\rpcss.dll
13:53:12.0406 3492 DcomLaunch - ok
13:53:12.0437 3492 Dhcp (5e38d7684a49cacfb752b046357e0589) F:\WINDOWS\System32\dhcpcsvc.dll
13:53:12.0562 3492 Dhcp - ok
13:53:12.0578 3492 Disk (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
13:53:12.0687 3492 Disk - ok
13:53:12.0703 3492 dmadmin - ok
13:53:12.0765 3492 dmboot (d992fe1274bde0f84ad826acae022a41) F:\WINDOWS\system32\drivers\dmboot.sys
13:53:12.0968 3492 dmboot - ok
13:53:13.0000 3492 dmio (7c824cf7bbde77d95c08005717a95f6f) F:\WINDOWS\system32\DRIVERS\dmio.sys
13:53:13.0140 3492 dmio - ok
13:53:13.0156 3492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
13:53:13.0296 3492 dmload - ok
13:53:13.0343 3492 dmserver (57edec2e5f59f0335e92f35184bc8631) F:\WINDOWS\System32\dmserver.dll
13:53:13.0453 3492 dmserver - ok
13:53:13.0484 3492 DMusic (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
13:53:13.0609 3492 DMusic - ok
13:53:13.0656 3492 Dnscache (5f7e24fa9eab896051ffb87f840730d2) F:\WINDOWS\System32\dnsrslvr.dll
13:53:13.0750 3492 Dnscache - ok
13:53:13.0796 3492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) F:\WINDOWS\System32\dot3svc.dll
13:53:13.0937 3492 Dot3svc - ok
13:53:13.0968 3492 dpti2o - ok
13:53:13.0984 3492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
13:53:14.0109 3492 drmkaud - ok
13:53:14.0140 3492 EapHost (2187855a7703adef0cef9ee4285182cc) F:\WINDOWS\System32\eapsvc.dll
13:53:14.0250 3492 EapHost - ok
13:53:14.0312 3492 ERSvc (bc93b4a066477954555966d77fec9ecb) F:\WINDOWS\System32\ersvc.dll
13:53:14.0421 3492 ERSvc - ok
13:53:14.0484 3492 Eventlog (65df52f5b8b6e9bbd183505225c37315) F:\WINDOWS\system32\services.exe
13:53:14.0531 3492 Eventlog - ok
13:53:14.0593 3492 EventSystem (d4991d98f2db73c60d042f1aef79efae) F:\WINDOWS\system32\es.dll
13:53:14.0640 3492 EventSystem - ok
13:53:14.0687 3492 Fastfat (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
13:53:14.0828 3492 Fastfat - ok
13:53:14.0875 3492 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) F:\WINDOWS\System32\shsvcs.dll
13:53:14.0921 3492 FastUserSwitchingCompatibility - ok
13:53:14.0953 3492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\DRIVERS\fdc.sys
13:53:15.0078 3492 Fdc - ok
13:53:15.0109 3492 Fips (d45926117eb9fa946a6af572fbe1caa3) F:\WINDOWS\system32\drivers\Fips.sys
13:53:15.0234 3492 Fips - ok
13:53:15.0265 3492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\drivers\Flpydisk.sys
13:53:15.0390 3492 Flpydisk - ok
13:53:15.0421 3492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\drivers\fltmgr.sys
13:53:15.0546 3492 FltMgr - ok
13:53:15.0687 3492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:53:15.0687 3492 FontCache3.0.0.0 - ok
13:53:15.0718 3492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
13:53:15.0859 3492 Fs_Rec - ok
13:53:15.0875 3492 Ftdisk (6ac26732762483366c3969c9e4d2259d) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:53:16.0031 3492 Ftdisk - ok
13:53:16.0046 3492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
13:53:16.0156 3492 Gpc - ok
13:53:16.0218 3492 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:53:16.0343 3492 helpsvc - ok
13:53:16.0375 3492 HidBatt (748031ff4fe45ccc47546294905feab8) F:\WINDOWS\system32\DRIVERS\HidBatt.sys
13:53:16.0484 3492 HidBatt - ok
13:53:16.0531 3492 HidServ (deb04da35cc871b6d309b77e1443c796) F:\WINDOWS\System32\hidserv.dll
13:53:16.0671 3492 HidServ - ok
13:53:16.0687 3492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
13:53:16.0828 3492 HidUsb - ok
13:53:16.0843 3492 hkmsvc (8878bd685e490239777bfe51320b88e9) F:\WINDOWS\System32\kmsvc.dll
13:53:16.0984 3492 hkmsvc - ok
13:53:17.0000 3492 hpn - ok
13:53:17.0062 3492 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) F:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:53:17.0125 3492 HPZid412 - ok
13:53:17.0171 3492 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) F:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:53:17.0203 3492 HPZipr12 - ok
13:53:17.0234 3492 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) F:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:53:17.0281 3492 HPZius12 - ok
13:53:17.0343 3492 HTTP (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
13:53:17.0390 3492 HTTP - ok
13:53:17.0437 3492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) F:\WINDOWS\System32\w3ssl.dll
13:53:17.0562 3492 HTTPFilter - ok
13:53:17.0578 3492 i2omgmt - ok
13:53:17.0593 3492 i2omp - ok
13:53:17.0656 3492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) F:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:53:17.0781 3492 i8042prt - ok
13:53:17.0906 3492 IDriverT (1cf03c69b49acb70c722df92755c0c8c) F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:53:17.0921 3492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:53:17.0921 3492 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:53:18.0156 3492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:53:18.0218 3492 idsvc - ok
13:53:18.0312 3492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
13:53:18.0421 3492 Imapi - ok
13:53:18.0484 3492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) F:\WINDOWS\system32\imapi.exe
13:53:18.0609 3492 ImapiService - ok
13:53:18.0640 3492 ini910u - ok
13:53:18.0656 3492 IntelIde - ok
13:53:18.0687 3492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\drivers\ip6fw.sys
13:53:18.0796 3492 Ip6Fw - ok
13:53:18.0890 3492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:53:19.0015 3492 IpFilterDriver - ok
13:53:19.0062 3492 IpInIp (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
13:53:19.0156 3492 IpInIp - ok
13:53:19.0187 3492 IpNat (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
13:53:19.0312 3492 IpNat - ok
13:53:19.0359 3492 IPSec (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
13:53:19.0468 3492 IPSec - ok
13:53:19.0500 3492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
13:53:19.0609 3492 IRENUM - ok
13:53:19.0640 3492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) F:\WINDOWS\system32\DRIVERS\isapnp.sys
13:53:19.0750 3492 isapnp - ok
13:53:19.0906 3492 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) F:\Program Files\Java\jre6\bin\jqs.exe
13:53:19.0937 3492 JavaQuickStarterService - ok
13:53:19.0968 3492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:53:20.0093 3492 Kbdclass - ok
13:53:20.0140 3492 kbdhid (9ef487a186dea361aa06913a75b3fa99) F:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:53:20.0265 3492 kbdhid - ok
13:53:20.0296 3492 kmixer (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
13:53:20.0421 3492 kmixer - ok
13:53:20.0468 3492 KSecDD (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
13:53:20.0500 3492 KSecDD - ok
13:53:20.0546 3492 L8042Kbd (032b0247cabf54094ca7819d14e8036d) F:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:53:20.0593 3492 L8042Kbd - ok
13:53:20.0625 3492 L8042mou (4befd29994327e606c93cc82b208f771) F:\WINDOWS\system32\DRIVERS\L8042mou.Sys
13:53:20.0640 3492 L8042mou - ok
13:53:20.0687 3492 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) F:\WINDOWS\System32\srvsvc.dll
13:53:20.0734 3492 lanmanserver - ok
13:53:20.0796 3492 lanmanworkstation (a8888a5327621856c0cec4e385f69309) F:\WINDOWS\System32\wkssvc.dll
13:53:20.0828 3492 lanmanworkstation - ok
13:53:20.0843 3492 lbrtfdc - ok
13:53:20.0906 3492 LHidKe (5fbb5a009889c7374e4b6b3aecabce35) F:\WINDOWS\system32\DRIVERS\LHidKE.Sys
13:53:20.0906 3492 LHidKe - ok
13:53:20.0984 3492 LHidUsbK (a80261665e8b3ab3167a4593099f73c8) F:\WINDOWS\system32\Drivers\LHidUsbK.Sys
13:53:21.0031 3492 LHidUsbK - ok
13:53:21.0078 3492 LmHosts (a7db739ae99a796d91580147e919cc59) F:\WINDOWS\System32\lmhsvc.dll
13:53:21.0187 3492 LmHosts - ok
13:53:21.0250 3492 LMouKE (98e6dc123f52780a6b03cf9747cb1fc7) F:\WINDOWS\system32\DRIVERS\LMouKE.Sys
13:53:21.0265 3492 LMouKE - ok
13:53:21.0296 3492 LUsbKbd (4f8a248a8ee1d0add8bae9196a284fea) F:\WINDOWS\system32\Drivers\LUsbKbd.Sys
13:53:21.0328 3492 LUsbKbd - ok
13:53:21.0375 3492 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) F:\WINDOWS\system32\drivers\lvusbsta.sys
13:53:21.0421 3492 LVUSBSta - ok
13:53:21.0468 3492 LxrJD31d (3f6f7993ae46aded2db2886ed3080c80) F:\WINDOWS\system32\Drivers\LxrJD31d.sys
13:53:21.0468 3492 LxrJD31d ( UnsignedFile.Multi.Generic ) - warning
13:53:21.0468 3492 LxrJD31d - detected UnsignedFile.Multi.Generic (1)
13:53:21.0484 3492 LxrJD31s - ok
13:53:21.0531 3492 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) F:\WINDOWS\system32\drivers\mbamchameleon.sys
13:53:21.0546 3492 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
13:53:21.0546 3492 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
13:53:21.0578 3492 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) F:\WINDOWS\system32\drivers\mbamswissarmy.sys
13:53:21.0593 3492 MBAMSwissArmy - ok
13:53:21.0640 3492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) F:\WINDOWS\System32\msgsvc.dll
13:53:21.0750 3492 Messenger - ok
13:53:21.0796 3492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
13:53:21.0921 3492 mnmdd - ok
13:53:21.0968 3492 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) F:\WINDOWS\system32\mnmsrvc.exe
13:53:22.0093 3492 mnmsrvc - ok
13:53:22.0140 3492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) F:\WINDOWS\system32\drivers\Modem.sys
13:53:22.0250 3492 Modem - ok
13:53:22.0281 3492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) F:\WINDOWS\system32\DRIVERS\mouclass.sys
13:53:22.0390 3492 Mouclass - ok
13:53:22.0437 3492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) F:\WINDOWS\system32\DRIVERS\mouhid.sys
13:53:22.0578 3492 mouhid - ok
13:53:22.0593 3492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
13:53:22.0703 3492 MountMgr - ok
13:53:22.0718 3492 mraid35x - ok
13:53:22.0734 3492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:53:22.0859 3492 MRxDAV - ok
13:53:22.0921 3492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:53:23.0000 3492 MRxSmb - ok
13:53:23.0046 3492 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) F:\WINDOWS\system32\msdtc.exe
13:53:23.0171 3492 MSDTC - ok
13:53:23.0187 3492 Msfs (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
13:53:23.0312 3492 Msfs - ok
13:53:23.0328 3492 MSIServer - ok
13:53:23.0359 3492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
13:53:23.0453 3492 MSKSSRV - ok
13:53:23.0484 3492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:53:23.0593 3492 MSPCLOCK - ok
13:53:23.0625 3492 MSPQM (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
13:53:23.0718 3492 MSPQM - ok
13:53:23.0750 3492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:53:23.0875 3492 mssmbios - ok
13:53:23.0906 3492 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) F:\WINDOWS\system32\drivers\MSTEE.sys
13:53:24.0000 3492 MSTEE - ok
13:53:24.0046 3492 Mup (de6a75f5c270e756c5508d94b6cf68f5) F:\WINDOWS\system32\drivers\Mup.sys
13:53:24.0078 3492 Mup - ok
13:53:24.0109 3492 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:53:24.0203 3492 NABTSFEC - ok
13:53:24.0250 3492 napagent (0102140028fad045756796e1c685d695) F:\WINDOWS\System32\qagentrt.dll
13:53:24.0390 3492 napagent - ok
13:53:24.0421 3492 NDIS (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
13:53:24.0531 3492 NDIS - ok
13:53:24.0562 3492 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) F:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:53:24.0671 3492 NdisIP - ok
13:53:24.0718 3492 NdisTapi (0109c4f3850dfbab279542515386ae22) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:53:24.0750 3492 NdisTapi - ok
13:53:24.0781 3492 Ndisuio (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:53:24.0921 3492 Ndisuio - ok
13:53:24.0984 3492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:53:25.0093 3492 NdisWan - ok
13:53:25.0156 3492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
13:53:25.0203 3492 NDProxy - ok
13:53:25.0218 3492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
13:53:25.0343 3492 NetBIOS - ok
13:53:25.0406 3492 NetDDE (b857ba82860d7ff85ae29b095645563b) F:\WINDOWS\system32\netdde.exe
13:53:25.0531 3492 NetDDE - ok
13:53:25.0531 3492 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) F:\WINDOWS\system32\netdde.exe
13:53:25.0656 3492 NetDDEdsdm - ok
13:53:25.0687 3492 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
13:53:25.0796 3492 Netlogon - ok
13:53:25.0843 3492 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) F:\WINDOWS\System32\netman.dll
13:53:25.0968 3492 Netman - ok
13:53:26.0078 3492 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:53:26.0125 3492 NetTcpPortSharing - ok
13:53:26.0171 3492 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) F:\WINDOWS\system32\DRIVERS\nic1394.sys
13:53:26.0265 3492 NIC1394 - ok
13:53:26.0328 3492 Nla (943337d786a56729263071623bbb9de5) F:\WINDOWS\System32\mswsock.dll
13:53:26.0359 3492 Nla - ok
13:53:26.0390 3492 Npfs (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
13:53:26.0515 3492 Npfs - ok
13:53:26.0546 3492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
13:53:26.0687 3492 Ntfs - ok
13:53:26.0734 3492 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) F:\WINDOWS\system32\lsass.exe
13:53:26.0859 3492 NtLmSsp - ok
13:53:26.0937 3492 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) F:\WINDOWS\system32\ntmssvc.dll
13:53:27.0093 3492 NtmsSvc - ok
13:53:27.0125 3492 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
13:53:27.0250 3492 Null - ok
13:53:27.0703 3492 nv (8b2c874897ea498da012284e12f9db2b) F:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:53:28.0406 3492 nv - ok
13:53:28.0515 3492 nvatabus (02be382d01daf46d4d404b97a09997de) F:\WINDOWS\system32\DRIVERS\nvatabus.sys
13:53:28.0578 3492 nvatabus - ok
13:53:28.0609 3492 nvax (3a48fdaaa2c28c242befaa936e91f641) F:\WINDOWS\system32\drivers\nvax.sys
13:53:28.0671 3492 nvax - ok
13:53:28.0718 3492 NVENETFD (78f052b466ff12fca013fe5a6466b03e) F:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:53:28.0750 3492 NVENETFD - ok
13:53:28.0796 3492 nvnetbus (f361d10293bd8b90504e8394975d66b5) F:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:53:28.0859 3492 nvnetbus - ok
13:53:28.0906 3492 nvnforce (ce40716281636c80f3178a59ae24b839) F:\WINDOWS\system32\drivers\nvapu.sys
13:53:28.0937 3492 nvnforce - ok
13:53:29.0000 3492 NVSvc (32f7dec3729b3bae66eebcab7b03b18f) F:\WINDOWS\system32\nvsvc32.exe
13:53:29.0031 3492 NVSvc - ok
13:53:45.0593 3492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:53:45.0781 3492 \Device\Harddisk0\DR0 - ok
13:53:45.0828 3492 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk3\DR6
13:53:49.0218 3492 \Device\Harddisk3\DR6 - ok
13:53:49.0218 3492 Boot (0x1200) (07e7c2b44966ca65e01db99870a8e243) \Device\Harddisk0\DR0\Partition0
13:53:49.0218 3492 \Device\Harddisk0\DR0\Partition0 - ok
13:53:49.0234 3492 Boot (0x1200) (0d6d1b22d4fb1dc339702c359217a473) \Device\Harddisk3\DR6\Partition0
13:53:49.0234 3492 \Device\Harddisk3\DR6\Partition0 - ok
13:53:49.0250 3492 ============================================================
13:53:49.0250 3492 Scan finished
13:53:49.0250 3492 ============================================================
13:53:49.0375 3460 Detected object count: 7
13:53:49.0375 3460 Actual detected object count: 7
13:54:07.0281 3460 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0281 3460 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:07.0281 3460 LxrJD31d ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0296 3460 LxrJD31d ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:07.0296 3460 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0296 3460 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:07.0296 3460 papycpu2 ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0296 3460 papycpu2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:07.0296 3460 papyjoy ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0296 3460 papyjoy ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:07.0296 3460 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0296 3460 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:07.0296 3460 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:07.0296 3460 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:17.0390 1864 Deinitialize success


MiniToolBox by Farbar Version: 18-01-2012
Ran by Cactus John (administrator) on 22-03-2012 at 13:59:02
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=192.168.0.1:87

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "192.168.0.1"
"network.proxy.http_port", 87
"network.proxy.no_proxies_on", "www.direcwaysupport.com,www.systemcontrolcenter.com,192.168.0.*,direcwaysupport.com,192.168.0.1,localhost,127.0.0.1"
"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15178 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
NVIDIA nForce Networking Controller = Local Area Connection (Disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 F:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 F:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 F:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 F:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 F:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 28 F:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/22/2012 01:57:52 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/22/2012 00:12:57 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/22/2012 10:44:13 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/21/2012 11:35:49 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 07:43:02 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:42:01 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:24:02 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:20:07 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:11:41 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 01:51:24 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


System errors:
=============
Error: (03/22/2012 02:01:57 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (03/22/2012 02:01:57 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (03/22/2012 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (03/22/2012 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (03/22/2012 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (03/22/2012 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (03/22/2012 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (03/22/2012 02:01:56 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (03/22/2012 02:01:55 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (03/22/2012 02:01:55 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/22/2012 01:57:52 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/22/2012 00:12:57 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/22/2012 10:44:13 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/21/2012 11:35:49 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 07:43:02 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:42:01 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:24:02 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:20:07 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 02:11:41 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (03/20/2012 01:51:24 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


=========================== Installed Programs ============================

1310 (Version: 43.0.217.000)
1310_Help (Version: 43.0.217.000)
1310Tour (Version: 43.0.217.000)
1310Trb (Version: 43.0.217.000)
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5)
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
avast! Free Antivirus (Version: 7.0.1407.0)
Belkin F7D1101 Basic Wireless USB Adapter (Version: 1.0.0.4)
BufferChm (Version: 43.1.5.000)
CCScore (Version: 5.03.0000.0003)
Content Transfer (Version: 1.2.0.07300)
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
Destinations (Version: 43.1.5.000)
Diablo II
Director (Version: 43.1.5.000)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.3)
DivX Version Checker (Version: 7.1.0.9)
ESSBrwr (Version: 5.03.0000.0101)
ESSCDBK (Version: 5.03.0000.0001)
ESScore (Version: 5.03.0000.0301)
ESSgui (Version: 5.03.0000.0101)
ESShelp (Version: 5.03.0000.0003)
ESSini (Version: 5.03.0000.0201)
ESSPCD (Version: 5.03.0000.0001)
ESSSONIC (Version: 5.3.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 5.03.0000.0001)
essvcpt (Version: 5.03.0000.0001)
Fax (Version: 43.0.217.000)
GhostMouse 2.0
Google Chrome (Version: 17.0.963.65)
Heroes of Might and Magic V
HijackThis 1.99.1 (Version: 1.99.1)
HP Diagnostic Assistant (Version: 1.0.1.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HP Unload DLL Patch (Version: 1.00.0000)
HPSystemDiagnostics (Version: 1.5.0.0)
InterActual Player
J2SE Development Kit 5.0 Update 5 (Version: 1.5.0.50)
J2SE Runtime Environment 5.0 Update 4 (Version: 1.5.0.40)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
JD Secure 3.1
kgcbase (Version: 5.03.0000.0004)
Kodak EasyShare software
Logitech Desktop Messenger (Version: 1.0.42)
Logitech Print Service
Logitech QuickCam Software (Version: 8.41.0000)
Logitech SetPoint (Version: 2.12)
Logitech® Camera Driver
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MediaLife
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010)
Might and Magic® VI
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NASCAR® Racing 4
Nero Suite
Notifier (Version: 5.03.0000.0001)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Drivers
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
NvMixer
NWZ-S540 WALKMAN Guide (Version: 2.0.00.07010)
Oblivion - Construction Set (Version: 1.00.0000)
Oblivion (Version: 1.00.0000)
OfotoXMI (Version: 5.03.0000.0302)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OTtBP (Version: 5.03.0000.0001)
OTtBPSDK (Version: 4.00.0000.0000)
Overland (Version: 2.1.5)
PCFriendly
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.60.92.0)
Readme (Version: 43.0.217.000)
Sacred Gold (Version: 2.28)
Scan (Version: 4.1.0.0)
SFR (Version: 5.00.0000.0005)
SHASTA (Version: 5.03.0000.0002)
SKIN0001 (Version: 5.03.0000.0101)
SKINXSDK (Version: 5.03.0000.0101)
Soldier of Fortune II - Double Helix GOLD (Version: 1.02)
SpeechRedist (Version: 1.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.4 (Version: 1.4)
staticcr (Version: 5.03.0000.0001)
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
The Weather Channel Desktop
The Weather Channel Desktop 6
TrayApp (Version: 43.1.5.000)
Unload (Version: 4.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB968220) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Viewpoint Media Player
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VPRINTOL (Version: 5.03.0000.0101)
Weather Services
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WIRELESS (Version: 5.03.0000.0003)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

========================= Devices: ================================

Name: NVIDIA nForce Networking Controller
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Nvidia
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: JLMS XJ-HD166S
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)
Resolution: A driver was loaded but Windows cannot find the device. This happens when Windows does not detect a non-Plug and Play device.
If the device was removed, uninstall the driver, install the device, and then click "Scan for hardware changes" to reinstall the driver. If the hardware was not removed, obtain a new or updated driver for the device.
If the device is a non-Plug and Play device, a newer version of the driver might be needed. To install non-Plug and Play devices, use the Add Hardware wizard.
Click "Performance and Maintenance" on "Control Panel", click "System", and on the "Hardware" tab, click "Add Hardware Wizard".

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 511.48 MB
Available physical RAM: 171.26 MB
Total Pagefile: 2480.32 MB
Available Pagefile: 2211.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.36 MB

========================= Partitions: =====================================

2 Drive d: (NHD FLASH) (Fixed) (Total:0.12 GB) (Free:0.12 GB) FAT32
4 Drive f: () (Fixed) (Total:186.3 GB) (Free:115.91 GB) NTFS

========================= Users: ========================================

User accounts for \\HROTHGAR

Administrator ASPNET Cactus John
Guest HelpAssistant SUPPORT_388945a0
UpdatusUser

========================= Minidump Files ==================================

F:\WINDOWS\Minidump\Mini031612-01.dmp
F:\WINDOWS\Minidump\Mini031612-02.dmp
F:\WINDOWS\Minidump\Mini041506-01.dmp
F:\WINDOWS\Minidump\Mini042206-01.dmp
F:\WINDOWS\Minidump\Mini042506-01.dmp
F:\WINDOWS\Minidump\Mini042606-01.dmp
F:\WINDOWS\Minidump\Mini051707-01.dmp
F:\WINDOWS\Minidump\Mini092308-01.dmp

**** End of log ****

Farbar Service Scanner Version: 01-03-2012
Ran by Cactus John (administrator) on 22-03-2012 at 14:02:56
Running from "F:\Documents and Settings\Cactus John.RHOTHGAR\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open NetBt registry key. The service key does not exist.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
F:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
F:\WINDOWS\system32\netman.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\srsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
F:\WINDOWS\system32\wscsvc.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\wuauserv.dll => MD5 is legit
F:\WINDOWS\system32\qmgr.dll => MD5 is legit
F:\WINDOWS\system32\es.dll => MD5 is legit
F:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
F:\WINDOWS\system32\svchost.exe => MD5 is legit
F:\WINDOWS\system32\rpcss.dll => MD5 is legit
F:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(268435456) Gpc(3) PSched(7) Tcpip(4) Tcpip6(8)
0x0B000000050000000100000002000000030000000400000000000010060000000700000008000000090000000A000000
Attention! IpSec Tag value should be 5. Attention! IpSec Tag value is missing and it should be 5.

**** End of log ****

Holy huge post! Did you want them split up for future reference?
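The FSS "Extra List" above prints the TDI group's GroupOrderList value as a hex blob beside each TDI service's Tag, and warns that the IpSec tag (5) has no service claiming it. The following Python, an example added here that is not part of the thread or of Farbar Service Scanner, decodes that blob and reproduces the tag check; the inputs are constructed from the FSS output in this thread (the expected tags for IPSec, Tcpip and NetBT come from the later, repaired log), not read from a live registry.

```python
"""Decode a TDI GroupOrderList value and cross-check TDI service Tag values.

Example added for this thread; it is not code from Farbar Service Scanner
(FSS). Inputs are constructed from the FSS "Extra List" output posted in the
thread rather than read from a live registry.
"""
import struct

# Tag values FSS listed for the TDI group before and after the service keys
# were restored (constructed from the thread's two FSS logs).
TDI_TAGS_BEFORE = {"aswTdi": 268435456, "Gpc": 3, "PSched": 7,
                   "Tcpip": 4, "Tcpip6": 8}
TDI_TAGS_AFTER = {"aswTdi": 268435456, "Gpc": 3, "IPSec": 5, "NetBT": 6,
                  "PSched": 7, "Tcpip": 4, "Tcpip6": 8}

# HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\TDI (REG_BINARY) as
# FSS printed it; the same bytes appear in both logs.
TDI_GROUP_ORDER_HEX = ("0B0000000500000001000000020000000300000004000000"
                       "00000010060000000700000008000000090000000A000000")

# Tags the core stack drivers carry on this system, taken from the second
# FSS log; FSS warns when the IpSec tag is not 5.
EXPECTED_TAGS = {"IPSec": 5, "Tcpip": 4, "NetBT": 6}


def parse_group_order_list(blob: bytes) -> list[int]:
    """Decode a GroupOrderList value: a DWORD count followed by that many
    little-endian DWORD tags, listed in the order the group's drivers load."""
    if len(blob) < 4:
        raise ValueError("GroupOrderList value is too short")
    (count,) = struct.unpack_from("<I", blob, 0)
    if len(blob) < 4 + 4 * count:
        raise ValueError(f"GroupOrderList claims {count} tags but is too short")
    return list(struct.unpack_from(f"<{count}I", blob, 4))


def load_order(tags: dict[str, int], order: list[int]) -> list[str]:
    """Return service names in the order they start within the group: tagged
    entries in GroupOrderList order first, then any service whose tag is not
    in the list (Windows starts those after the listed ones; the tag does not
    define their relative order, so they are sorted by name here)."""
    by_tag: dict[int, list[str]] = {}
    for name, tag in tags.items():
        by_tag.setdefault(tag, []).append(name)
    listed = [name for tag in order for name in sorted(by_tag.get(tag, []))]
    unlisted = sorted(name for name, tag in tags.items() if tag not in order)
    return listed + unlisted


def unclaimed_tags(tags: dict[str, int], order: list[int]) -> list[int]:
    """Tags in GroupOrderList that no service in the group currently carries.
    A core driver's slot going unclaimed is the symptom FSS flags."""
    claimed = set(tags.values())
    return [tag for tag in order if tag not in claimed]


def check_tags(tags: dict[str, int]) -> list[str]:
    """Report core services whose tag is missing or wrong, in the spirit of
    FSS's "Attention! IpSec Tag value ..." lines."""
    findings = []
    for name, expected in EXPECTED_TAGS.items():
        actual = tags.get(name)
        if actual is None:
            findings.append(f"{name} Tag value is missing and it should be {expected}.")
        elif actual != expected:
            findings.append(f"{name} Tag value is {actual} and it should be {expected}.")
    return findings


def main() -> None:
    order = parse_group_order_list(bytes.fromhex(TDI_GROUP_ORDER_HEX))
    print("TDI GroupOrderList tags:", order)
    for label, tags in (("before", TDI_TAGS_BEFORE), ("after", TDI_TAGS_AFTER)):
        print(f"\n[{label}] load order: {load_order(tags, order)}")
        print(f"[{label}] unclaimed tags: {unclaimed_tags(tags, order)}")
        for finding in check_tags(tags) or ["no tag problems found"]:
            print(f"[{label}] {finding}")


if __name__ == "__main__":
    main()
```

On a live system the blob would come from the GroupOrderList key and the tags from each service's Tag value; the check logic is the same.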

#4 jntkwx
  • Malware Response Team
  • 4,339 posts

Posted 22 March 2012 - 01:35 PM

You can split it into multiple posts if you want to, but I don't mind the large post. :)

:step1: Spybot S&D or Ad-Aware are no longer recommended
  • mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)
  • Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.
  • More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.

I strongly recommend uninstalling Ad-Aware and Spybot Search & Destroy.


:step2: Before we go any further, I want you to back-up your registry.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup-exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


:step3: Please download the following files and save them to your USB drive:

Then, plug your USB drive into your infected computer, and double click on each of these files. When prompted, click Yes.
Then, restart your computer.

Run FSS again, checking off all the boxes, and post the new log.

Are you able to access the internet now?
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 Cactus John
  • Topic Starter
  • Members
  • 131 posts

Posted 22 March 2012 - 02:15 PM

Internet hangs when trying to acquire an IP address.
Repair of the connection yields: "the following action can not be completed: clearing NetBt".
Odd side observation: the machine is VERY slow to boot up and Google Chrome will not open; the only browser I can use is IE9.

Farbar Service Scanner Version: 01-03-2012
Ran by Cactus John (administrator) on 22-03-2012 at 15:12:12
Running from "F:\Documents and Settings\Cactus John.RHOTHGAR\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
F:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
F:\WINDOWS\system32\netman.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\srsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
F:\WINDOWS\system32\wscsvc.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\wuauserv.dll => MD5 is legit
F:\WINDOWS\system32\qmgr.dll => MD5 is legit
F:\WINDOWS\system32\es.dll => MD5 is legit
F:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
F:\WINDOWS\system32\svchost.exe => MD5 is legit
F:\WINDOWS\system32\rpcss.dll => MD5 is legit
F:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(268435456) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(8)
0x0B000000050000000100000002000000030000000400000000000010060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#6 jntkwx
  • Malware Response Team
  • 4,339 posts

Posted 22 March 2012 - 03:44 PM

We're slowly getting the Internet connection back.

Try this:

Start, click on Run, and type in: CMD and press enter to open a command prompt.
Type the following, and press enter: netsh winsock reset catalog
Type the following and press enter: netsh int ip reset reset.log

Restart your computer and try connecting to the Internet again.
Regards,
Jason



#7 Cactus John
  • Topic Starter
  • Members
  • 131 posts

Posted 23 March 2012 - 10:18 AM

Sorry for the slow response; I work second shift, so anything after 4 won't receive a response till morning.

Same issue: cannot clear NetBt (when repairing the connection).

When I was researching the issue I came upon checking my services, and I am missing the AFD service, if that is any help.
Computer runs slowly on startup, but all in all runs fine.

#8 jntkwx
  • Malware Response Team
  • 4,339 posts

Posted 23 March 2012 - 10:40 AM

That's odd, because FSS should have told us if AFD was missing.

Please run Farbar Service Scanner.
Type the following in the search box:

afd;lmhosts

Click "Export Service" and post the log it makes (FSS.txt).

Edited by jntkwx, 23 March 2012 - 10:41 AM.

Regards,
Jason



#9 Cactus John
  • Topic Starter
  • Members
  • 131 posts

Posted 23 March 2012 - 11:01 AM

So here is the issue: I have the afd.sys and the registry entries for it, but when you pull up the services it is nowhere to be found (in case that helps).


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd]
"DisplayName"="AFD"
"Description"="AFD Networking Support Environment"
"Group"="TDI"
"ImagePath"="\\SystemRoot\\System32\\drivers\\afd.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lmhosts]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"DisplayName"="TCP/IP NetBIOS Helper"
"Group"="TDI"
"DependOnService"=hex(7):4e,00,65,00,74,00,42,00,54,00,00,00,41,00,66,00,64,00,\
00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution."

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lmhosts\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6c,00,6d,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lmhosts\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lmhosts\Enum]
"0"="Root\\LEGACY_LMHOSTS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd\0000]
"Service"="AFD"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AFD"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0001"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_afd\0000\Control]
"ActiveService"="AFD"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_lmhosts]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_lmhosts\0000]
"Service"="LmHosts"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="TCP/IP NetBIOS Helper"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_lmhosts\0000\Control]
"ActiveService"="LmHosts"

#10 jntkwx
  • Malware Response Team
  • 4,339 posts

Posted 23 March 2012 - 11:19 AM

Please download GMER from one of the following locations and save it to your USB drive, then plug it into your infected computer, and copy/paste it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
Regards,
Jason



#11 Cactus John
  • Topic Starter
  • Members
  • 131 posts

Posted 23 March 2012 - 12:25 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-23 13:22:06
Windows 5.1.2600 Service Pack 3
Running: ym9wj5q2.exe; Driver: F:\DOCUME~1\CACTUS~1.RHO\LOCALS~1\Temp\fwriipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xECD51DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xECDDEA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xECD5285E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xECD7ED5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xECD572E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xECD57330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xECD57422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xECD7E711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xECD57252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xECD57374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xECD5729A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xECD573DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xECD51E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xECD7F423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xECD7F6D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xECD549A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xECD7F28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xECD7F0F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xECDDEB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xECD51AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xECD51E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xECD54D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xECD52B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xECD5730E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xECD57352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xECD57446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xECD7EA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xECD57278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xECD54518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xECD573AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xECD572C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xECD5474C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xECD57400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xECDDECA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xECD7EF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xECD529CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xECD7EDC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xECDE8B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xECD7DD84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xECD51EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xECD51F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xECD51B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xECD51CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xECD7F52A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xECD51C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xECD51D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xECDDED60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xECD51F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xECDDEBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xECDF4D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23C8 80501C00 4 Bytes [5A, EA, DD, EC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2560 80501D98 8 Bytes [6D, EA, D7, EC, 78, 72, D5, ...] {INSD ; JMP FAR 0xecd5:0x7278ecd7}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL ECD5319F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP ECDF1C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP ECDF374C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP ECDF4D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init F:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7A5D68C]
.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C413A0, 0x88C445, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP ECD56180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP ECD5607C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP ECD56036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP ECD55724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP ECD54F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP ECD562EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP ECD564F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP ECD55F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP ECD54E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP ECD557E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP ECD55384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP ECD55562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP ECD54E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP ECD560BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP ECD5551C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP ECD557FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP ECD56232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP ECD56450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP ECD5570C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP ECD54FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP ECD55104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP ECD551AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP ECD552E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP ECD54D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP ECD5573C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP ECD54F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP ECD550B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP ECD5567C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP ECD563A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text F:\Program Files\Windows Media Player\WMPNetwk.exe[388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text F:\WINDOWS\System32\smss.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\csrss.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text F:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text F:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\winlogon.exe[528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\winlogon.exe[528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\winlogon.exe[528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\winlogon.exe[528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\winlogon.exe[528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\services.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\services.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\services.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\services.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\services.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\services.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\services.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\services.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\lsass.exe[584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\lsass.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\lsass.exe[584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\lsass.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\lsass.exe[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\lsass.exe[584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\lsass.exe[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\lsass.exe[584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\lsass.exe[584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\svchost.exe[732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\RunDLL32.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\RunDLL32.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\RunDLL32.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\RunDLL32.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\RunDLL32.exe[772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\RunDLL32.exe[772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\RunDLL32.exe[772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\RunDLL32.exe[772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\RunDLL32.exe[772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\RunDLL32.exe[772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\System32\svchost.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\System32\svchost.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\System32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\System32\svchost.exe[852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\System32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\System32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\System32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\System32\svchost.exe[852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\System32\svchost.exe[852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\svchost.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\Explorer.EXE[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\Explorer.EXE[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\Explorer.EXE[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\Explorer.EXE[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text F:\WINDOWS\Explorer.EXE[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text F:\WINDOWS\Explorer.EXE[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text F:\WINDOWS\Explorer.EXE[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text F:\WINDOWS\Explorer.EXE[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text F:\WINDOWS\Explorer.EXE[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text F:\WINDOWS\Explorer.EXE[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text F:\Program Files\AVAST Software\Avast\AvastSvc.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\AVAST Software\Avast\AvastSvc.exe[1296] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text F:\Program Files\AVAST Software\Avast\AvastSvc.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\spoolsv.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\spoolsv.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\spoolsv.exe[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\spoolsv.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\spoolsv.exe[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\spoolsv.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\spoolsv.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\spoolsv.exe[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\Program Files\AVAST Software\Avast\avastUI.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\AVAST Software\Avast\avastUI.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\System32\svchost.exe[1600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\System32\svchost.exe[1600] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\System32\svchost.exe[1600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\System32\svchost.exe[1600] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\System32\svchost.exe[1600] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text F:\WINDOWS\system32\LxrJD31s.exe[1672] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text F:\WINDOWS\system32\nvsvc32.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\WINDOWS\system32\nvsvc32.exe[1692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text F:\WINDOWS\system32\nvsvc32.exe[1692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text F:\WINDOWS\system32\nvsvc32.exe[1692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text F:\WINDOWS\system32\nvsvc32.exe[1692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text F:\WINDOWS\system32\nvsvc32.exe[1692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text F:\WINDOWS\system32\nvsvc32.exe[1692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text F:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text F:\WINDOWS\system32\svchost.exe[1968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\svchost.exe[1968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\svchost.exe[1968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\svchost.exe[1968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\svchost.exe[1968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\Program Files\Viewpoint\Common\ViewpointService.exe[1984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text F:\Program Files\DivX\DivX Update\DivXUpdate.exe[2060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text F:\WINDOWS\system32\ctfmon.exe[2072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text F:\WINDOWS\system32\ctfmon.exe[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\ctfmon.exe[2072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text F:\WINDOWS\system32\ctfmon.exe[2072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text F:\WINDOWS\system32\ctfmon.exe[2072] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text F:\WINDOWS\system32\ctfmon.exe[2072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text F:\WINDOWS\system32\ctfmon.exe[2072] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text F:\WINDOWS\system32\ctfmon.exe[2072] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text F:\WINDOWS\system32\ctfmon.exe[2072] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text F:\WINDOWS\system32\ctfmon.exe[2072] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe[2124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text F:\Program Files\Logitech\SetPoint\KEM.exe[2260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text F:\WINDOWS\System32\alg.exe[2556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\System32\alg.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\System32\alg.exe[2556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text F:\WINDOWS\System32\alg.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\System32\alg.exe[2556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text F:\WINDOWS\System32\alg.exe[2556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text F:\WINDOWS\System32\alg.exe[2556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text F:\WINDOWS\System32\alg.exe[2556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text F:\WINDOWS\System32\alg.exe[2556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text F:\WINDOWS\System32\alg.exe[2556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text F:\WINDOWS\system32\LVComsX.exe[3052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\LVComsX.exe[3052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\system32\wscntfy.exe[3464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\wscntfy.exe[3464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Desktop\ym9wj5q2.exe[3912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Documents and Settings\Cactus John.RHOTHGAR\Desktop\ym9wj5q2.exe[3912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT F:\WINDOWS\system32\services.exe[572] @ F:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT F:\WINDOWS\system32\services.exe[572] @ F:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT F:\Program Files\AVAST Software\Avast\AvastSvc.exe[1296] @ F:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] F:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT F:\Program Files\AVAST Software\Avast\avastUI.exe[1576] @ F:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] F:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR2 MBR read error
Disk \Device\Harddisk1\DR2 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File F:\Documents and Settings\Cactus John\Local Settings\Temp\Temporary Directory 1 for PC Programs - DVD Copy Plus 4.2 XP (with Crack DVDx & Smart Ripper).zip\DVD Copy Plus 4.2 XP (with Crack DVDx & Smart Ripper)\DVD Copy Plus 4.2 XP (with Crack DVDx & Smart Ripper)\DVD Copy Plus 4.2 207616 bytes

---- EOF - GMER 1.0.15 ----

Second Half, reply was too long!
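The "User code sections" part of the GMER log above lists, per process, the exports whose first bytes have been overwritten (5-byte JMPs to a low address, or a single patched byte). What an analyst wants from such a dump is not the individual lines but the pattern: which exports are patched in every hooked process, and which processes carry fewer hooks than the rest. The script below is an added triage helper, not part of GMER and not posted by anyone in this thread. It parses lines in GMER's `.text` format, rejoins entries that forum pasting wrapped across lines (as happened once in the log above), and reports both answers. The sample log embedded in it is constructed in the same shape as the log above; the offset after `+` is treated as hex, as GMER prints it.

```python
"""Triage helper for the 'User code sections' block of a GMER log.

Added example (not GMER's own code). Parses lines of the form
  .text <image>[<pid>] <module>!<export>[ + <hexoff>] <addr> <n> Byte(s) <detail>
where <detail> is either 'JMP <hexaddr>' (inline 5-byte hook) or '[<hex>]'
(single patched byte).
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.+)$"
)

# Constructed sample in the same shape as the GMER log above. The entry for
# ctfmon.exe is deliberately wrapped the way pasted logs sometimes are.
SAMPLE_LOG = r"""
.text F:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text F:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text F:\Program Files\Java\jre6\bin\jqs.exe[1616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text F:\WINDOWS\system32\wscntfy.exe[3464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\wscntfy.exe[3464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text

F:\WINDOWS\system32\ctfmon.exe[2072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text F:\WINDOWS\system32\ctfmon.exe[2072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
"""


def _rejoin_wrapped(lines):
    """Glue a bare '.text' line back onto the entry that follows it
    (blank lines in between are dropped); other lines pass through stripped."""
    out, pending = [], False
    for raw in lines:
        line = raw.strip()
        if line == ".text":
            pending = True
            continue
        if not line:
            continue
        out.append(".text " + line if pending else line)
        pending = False
    return out


def parse_hooks(text):
    """Return one dict per well-formed '.text' entry; anything else is skipped."""
    hooks = []
    for line in _rejoin_wrapped(text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        # Hex offset, as GMER prints it, so hooks inside a function compare equal
        h["target"] = f"{h['module']}!{h['func']}" + (
            f"+0x{h['offset']}" if h["offset"] else "")
        jmp = re.fullmatch(r"JMP\s+([0-9A-Fa-f]{8})", h["detail"])
        byte = re.fullmatch(r"\[([0-9A-Fa-f]{2})\]", h["detail"])
        h["kind"] = "inline_jmp" if jmp else ("byte_patch" if byte else "other")
        h["jmp_to"] = int(jmp.group(1), 16) if jmp else None
        h["patch_byte"] = int(byte.group(1), 16) if byte else None
        hooks.append(h)
    return hooks


def hooks_by_target(hooks):
    """Map each hooked export to the set of PIDs in which it is hooked."""
    out = defaultdict(set)
    for h in hooks:
        out[h["target"]].add(h["pid"])
    return dict(out)


def ubiquitous_targets(hooks):
    """Exports patched in every hooked process: the same patch everywhere is
    what a system-wide hooking component produces, as opposed to a hook that
    targets one process."""
    pids = {h["pid"] for h in hooks}
    return sorted(t for t, p in hooks_by_target(hooks).items() if p == pids)


def missing_hooks_by_pid(hooks):
    """For each process, the hooked exports (union over all processes) that are
    NOT patched in it. Processes with fewer hooks are the ones to look at next."""
    all_targets = {h["target"] for h in hooks}
    by_pid = defaultdict(set)
    for h in hooks:
        by_pid[h["pid"]].add(h["target"])
    return {pid: sorted(all_targets - t) for pid, t in sorted(by_pid.items())}


def report(hooks):
    """Human-readable summary used by the stand-alone run."""
    lines = [f"{len(hooks)} hooks in {len({h['pid'] for h in hooks})} processes",
             "patched in every process: " + ", ".join(ubiquitous_targets(hooks))]
    for pid, missing in missing_hooks_by_pid(hooks).items():
        if missing:
            lines.append(f"pid {pid} lacks: {', '.join(missing)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_hooks(SAMPLE_LOG)))
```

Run against a real GMER log by replacing `SAMPLE_LOG` with the file contents; the two report sections are the first thing to compare against the Devices and IAT sections of the same log, which name the drivers and modules GMER could attribute.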

#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:44 PM

Posted 23 March 2012 - 12:59 PM

Your GMER log indicates a cracked/keygened file (F:\Documents and Settings\Cactus John\Local Settings\Temp\Temporary Directory 1 for PC Programs - DVD Copy Plus 4.2 XP (with Crack DVDx & Smart Ripper).zip)

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!


:step1: Please download MiniRegTool.zip and unzip it to your USB drive. Copy and paste it to the desktop of your infected computer.
  • Run the tool.
  • Type the following into the edit box:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press Go button and post the result.

:step2: Install TCP/IP
Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart the computer, and check the Internet connection.

Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif
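Step 1 done with stock Windows tools, as an added example that is not part of Jason's post: the batch file exports the two Winsock keys named above to backup .reg files before removing them, then checks that each is really gone. The backup folder C:\WinsockBackup is an assumption; reg.exe cannot remove locked or null-embedded keys, which is exactly what MiniRegTool's "Delete Keys/Values including Locked/Null embedded" option is for.

```batch
@echo off
rem Added example, not from the post: back up the two Winsock keys with
rem reg.exe before removing them, then confirm they are gone (stock XP tools).
rem Caveat: reg.exe cannot delete keys with null-embedded names or locked
rem ACLs (the reason the post uses MiniRegTool); on a failure, use that tool.
setlocal
set BACKUP=C:\WinsockBackup
if not exist "%BACKUP%" mkdir "%BACKUP%"

for %%K in (Winsock Winsock2) do (
    rem Export first so the change is reversible: reg import "%BACKUP%\%%K.reg"
    if exist "%BACKUP%\%%K.reg" del "%BACKUP%\%%K.reg"
    reg export "HKLM\System\CurrentControlSet\Services\%%K" "%BACKUP%\%%K.reg" >nul
    if errorlevel 1 echo [warn] could not export %%K ^(key may already be missing^)

    reg delete "HKLM\System\CurrentControlSet\Services\%%K" /f >nul 2>&1
    if errorlevel 1 (
        echo [fail] reg.exe could not delete %%K; use MiniRegTool for locked/null-embedded keys
    ) else (
        rem reg query returns a non-zero exit code when the key no longer exists
        reg query "HKLM\System\CurrentControlSet\Services\%%K" >nul 2>&1
        if errorlevel 1 (echo [ok] %%K deleted) else (echo [fail] %%K still present)
    )
)

echo Reboot, then reinstall TCP/IP as in step 2 so the keys are recreated.
endlocal
```

Run it from an elevated command prompt on the infected machine; the .reg files in the backup folder let the keys be restored with reg import if the reinstall in step 2 fails.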


#13 Cactus John

Posted 23 March 2012 - 05:38 PM

I am at work so I will run these programs when I get home tonight. I did want to say that the "crack dvd" is in a temp directory and I have no clue what that even is. I believe I will need to remove that somehow before I continue; I am sure that may be the root of the problems.

#14 jntkwx

Posted 23 March 2012 - 05:47 PM

Sounds good. :thumbup2: I'll help you remove that file later.
Regards,
Jason


#15 Cactus John

Posted 24 March 2012 - 10:37 AM

The folder in temp was empty, so I just right-click deleted it. I do not have a program that has that name; I searched for it. No need to post removal help, I'm sure I got rid of it...


MiniRegTool by Farbar
Ran by Cactus John (administrator) on 2012-03-24 11:30:07

====================================
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2 deleted successfully.

And as usual, cannot complete the action: Clearing NetBT
