
Cannot open .exe files (invalid win32 application)



#1 Kurt14

Posted 09 July 2012 - 11:34 AM

http://www.bleepingcomputer.com/forums/topic459642.html - Link of topic posted in 'Am I infected?..'

Details: Recently I feel something weird in my computer, and I cannot open .exe files. I have Windows XP. I also have MBAM, Avast and Norton (expired) and finally Anti Trojan Elite. I did a full scan with MBAM yesterday and the result was 1 threat, which has been removed and quarantined. I recently posted a topic in the 'Am I infected..' board and Jason guided me here. And of course, I did the preparation.
Symptoms: Upon clicking on .exe files, a new window of Anti Trojan Elite pops up ('...Trojan in your computer etc..') and finally the error which says that it is an invalid win32 application. I am very sure this is malware.

D.D.S:

dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
Run by too at 16:17:18 on 2012-07-09
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1013.223 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! antivirus 4.8.1351 [VPS 091101-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\too\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\too\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Menara\dslmon.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=1022&systemid=1&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\mdickie db toolbar toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\fichiers communs\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\fichie~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\mdickie db toolbar toolbar\tbcore3.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\fichiers communs\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
TB: MDickie DB Toolbar Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\mdickie db toolbar toolbar\tbcore3.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {ACEBB9C5-8B00-43A3-B821-A5DCEFECCF0F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [svvhost2] c:\windows\system32\svvhost2.exe
uRun: [systemlog] c:\windows\system32\systemlog.exe
uRun: [swinlogin] c:\windows\system32\swinlogin.exe
uRun: [winlogin2] c:\windows\system32\winlogin2.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "c:\documents and settings\too\local settings\application data\akamai\netsession_win.exe"
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\too\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ccApp] "c:\program files\fichiers communs\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Cloneur Expert Monitor] "c:\program files\micro application\cloneur expert\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\fichiers communs\acronis\schedule2\schedhlp.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [GameXL]
mRun: [Anti Trojan Elite] c:\program files\anti trojan elite\TJEnder.exe :NO
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\too\menudm~1\progra~1\dmarra~1\fifa11~1.lnk - c:\program files\ea sports\fifa 11\support\EAregister.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\dslmon.lnk - c:\program files\menara\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Search
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Télécharger avec Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{FB9CD8EC-1988-48E9-953C-88B70A14CA0E} : NameServer = 62.251.229.223 62.251.229.237
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: CLKERN.DLL c:\progra~1\google\go333c~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}?q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\too\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\too\local settings\application data\robloxversions\version-6ca07d14e2274822\NPRobloxProxy.dll
FF - plugin: c:\documents and settings\too\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-2 20560]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\anti trojan elite\ATEPMON.sys [2012-6-2 9984]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-2 138680]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\fichiers communs\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\fichiers communs\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\fichiers communs\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\fichiers communs\pc tools\smonitor\StartManSvc.exe [2012-5-31 793048]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-2 352920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\fichiers communs\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-18 99376]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-9-18 41216]
R3 NAVENG;NAVENG;c:\progra~1\fichie~1\symant~1\virusd~1\20080917.039\NAVENG.SYS [2008-9-18 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\fichie~1\symant~1\virusd~1\20080917.039\NAVEX15.SYS [2008-9-18 873552]
S2 EjxBPXiHAs;EjxBPXiHAs;cmd /c "c:\docume~1\too\locals~1\temp\svhost.exe" --> cmd [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [2011-8-15 500704]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena messenger\room\safedrv.sys --> c:\program files\garena messenger\room\safedrv.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-12 30192]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\fichie~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-18 1245064]
S3 UsbEvdomAtc;LGE EVDOM USB Serial Port;c:\windows\system32\drivers\lgevdomatc.sys [2009-2-17 19840]
S3 usbevdombus;LGE EVDOM Composite USB Device;c:\windows\system32\drivers\lgevdombus.sys [2009-2-17 13696]
S3 UsbEvdomDiag;LGE EVDOM USB Serial DM Port;c:\windows\system32\drivers\lgevdomdiag.sys [2009-2-17 19840]
S3 USBEVDOmModem;LGE EVDOM USB Modem;c:\windows\system32\drivers\lgevdommodem.sys [2009-2-17 21632]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys --> c:\windows\system32\drivers\vproiah.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva397;XDva397;c:\windows\system32\XDva397.sys [2012-5-6 77136]
.
=============== Created Last 30 ================
.
2012-07-05 12:46:19 -------- d-----w- c:\program files\Strogino CS Portal
2012-06-28 15:53:51 -------- d-----w- c:\program files\ZeusPro
2012-06-28 10:25:30 -------- d-----w- c:\program files\ESET
2012-06-12 19:55:29 -------- d-----w- c:\documents and settings\too\local settings\application data\RobloxDownloads
2012-06-12 19:55:24 -------- d-----w- c:\documents and settings\too\local settings\application data\RobloxVersions
2012-06-12 19:55:10 -------- d-----w- c:\documents and settings\too\local settings\application data\Roblox
.
==================== Find3M ====================
.
2012-07-06 13:35:41 219128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-06 13:35:41 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-06 13:32:54 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-06 13:32:20 219128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-20 12:21:30 138056 ----a-w- c:\documents and settings\too\application data\PnkBstrK.sys
2012-05-20 12:21:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-18 17:26:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-18 17:26:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 19:06:07 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-06 12:10:24 77136 ----a-w- c:\windows\system32\XDva397.sys
2012-04-16 20:31:20 19456 ----a-w- c:\windows\ed4.exe
2012-04-16 20:29:30 34795 ----a-w- c:\windows\libregex.dll
2012-04-16 20:29:12 327308 ----a-w- c:\windows\libssl32.dll
2012-04-16 20:29:07 186928 ----a-w- c:\windows\stoneh.exe
2012-04-16 20:28:41 775 ----a-w- c:\documents and settings\too\ds.bat
2012-04-15 19:02:16 68888 ----a-w- c:\windows\system\xinput1_3.dll
2012-04-15 19:02:16 444776 ----a-w- c:\windows\system\d3dx10_35.dll
2012-04-15 19:02:16 3727720 ----a-w- c:\windows\system\d3dx9_35.dll
2012-04-15 19:02:16 3497832 ----a-w- c:\windows\system\d3dx9_34.dll
.
============= FINISH: 16:19:28.01 ===============

attach.txt: NOT REQUIRED by helper (please inform me if required)

GMER:

ark.txt:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-09 17:25:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.AAA
Running: gmer.exe; Driver: C:\DOCUME~1\too\LOCALS~1\Temp\pxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 869C4968 ZwAlertResumeThread
SSDT 869C4C38 ZwAlertThread
SSDT 86857920 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8F286B8]
SSDT 86957BB8 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8F28574]
SSDT 86864330 ZwCreateMutant
SSDT \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys ZwCreateSection [0xA87F68C6]
SSDT 8683EF00 ZwCreateThread
SSDT 86A128E0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA917E2A0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8F28A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8F2814C]
SSDT 868412F8 ZwFreeVirtualMemory
SSDT 869D76B0 ZwImpersonateAnonymousToken
SSDT 869C48A8 ZwImpersonateThread
SSDT 86841218 ZwMapViewOfSection
SSDT 868642B0 ZwOpenEvent
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8F2864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8F2808C]
SSDT 869FFDA0 ZwOpenProcessToken
SSDT 869193C0 ZwOpenSection
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8F280F0]
SSDT 86271670 ZwOpenThreadToken
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8F2876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8F2872E]
SSDT 86A57C48 ZwResumeThread
SSDT 861EF378 ZwSetContextThread
SSDT 86A0C820 ZwSetInformationProcess
SSDT 8687B358 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8F288AE]
SSDT 86919480 ZwSuspendProcess
SSDT 869C4CB8 ZwSuspendThread
SSDT 869581F0 ZwTerminateProcess
SSDT 868343A0 ZwTerminateThread
SSDT 861EF3F8 ZwUnmapViewOfSection
SSDT 86938200 ZwWriteVirtualMemory

INT 0x62 ? 86BCDCB8
INT 0x63 ? 869BCCB8
INT 0x82 ? 86BCDCB8
INT 0x83 ? 869BCCB8
INT 0x94 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xB4 ? 86BCDCB8
INT 0xB4 ? 86BCDCB8
INT 0xB4 ? 869BCCB8
INT 0xB4 ? 86BCDCB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF7540089]
.text USBPORT.SYS!DllUnload F6BD980C 5 Bytes JMP 869BC1C8
.text a424jami.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 F6B0E900 48 Bytes [05, 39, EF, 49, 77, 28, 94, ...]
? C:\WINDOWS\System32\Drivers\a424jami.SYS suspicious PE modification
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA8449F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 38, 00] {SUB [EAX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 38, 00] {SUB [EBX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 38, 00] {TEST AL, 0x1; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B920E1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 38, 00] {TEST AL, 0x2; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B920E8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 38, 00] {TEST AL, 0x0; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B920FB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 38, 00] {SUB [ECX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 38, 00] {SUB [EDX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B922A1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B922A8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B922BB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91F41A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91F48B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91F5B9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91ED1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91ED8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EEB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91ED1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91ED8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EEB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86BCC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{613204EE-298B-4D65-9383-CB5087F42D50} 86A1C430
Device \Driver\usbuhci \Device\USBPDO-0 868BC1E8
Device \Driver\usbuhci \Device\USBPDO-1 868BC1E8
Device \Driver\usbuhci \Device\USBPDO-2 868BC1E8
Device \Driver\usbehci \Device\USBPDO-3 869AD1E8
Device \Driver\usbuhci \Device\USBPDO-4 868BC1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)



#2 Kurt14


Posted 09 July 2012 - 11:59 AM

ADDITION: Normal programs with .exe extension do open.. The ones that don't open are the ones for their INSTALLATION. E.g: remix_ce_setup.exe

Edited by Kurt14, 09 July 2012 - 11:59 AM.


#3 Kurt14


Posted 10 July 2012 - 09:41 AM

I did my research and possibly it is a BAGLE infection

#4 Kurt14


Posted 11 July 2012 - 11:51 AM

Am I getting forgotten? :S

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:59 AM

Posted 13 July 2012 - 01:30 PM

Hi again Kurt14 :hello:

We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Again, some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1: More than one Antivirus program installed
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, before continuing with Step 2, please go to Add/Remove Programs in the Control Panel and remove either Norton Internet Security or Avast.


Step 2: Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 Kurt14


Posted 13 July 2012 - 03:09 PM

Luckily in Morocco people don't usually store financial info in their computers, so let's say I'm technically safe..

And how will I run ComboFix if I can't execute installation files??

#7 Kurt14


Posted 13 July 2012 - 03:16 PM

Besides, if the installation .exe was INSIDE a .zip folder, it'll definitely work! I tried it the past years! :thumbsup:

#8 jntkwx


Posted 13 July 2012 - 03:25 PM

Kurt14,

First, to answer your question asked on PM, there are several items that are definitely malicious and potentially backdoor trojans, one of them being c:\docume~1\too\locals~1\temp\svhost.exe

To get Combofix to run, try renaming it, following these steps:

Click on the Start menu, click on Run.
In the Run window, type in: control folders
In the Folder Options window that opens, click on the View tab.
Uncheck the box next to Hide extensions for known file types
Click Apply, then OK.

Right click on the Combofix.exe file on your desktop, and rename it to Combofix.scr

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.scr and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible.

Regards,
Jason
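
The path named in the reply above, c:\docume~1\too\locals~1\temp\svhost.exe, is one letter away from the Windows service host svchost.exe and sits in a user Temp directory. As an added example (not part of the original post and not a tool used in this thread), this sketch flags that kind of name masquerading in a list of executable paths; the table of system binaries, the function names and every sample path except the one quoted from the post are assumptions made for the illustration.

```python
import ntpath

# Assumed, non-exhaustive map of core Windows binaries to the directory they
# normally load from (lower-case, XP-style layout as seen in this thread).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(path):
    """Return (verdict, detail) for one executable path."""
    norm = path.lower().replace("/", "\\")
    directory, name = ntpath.split(norm)
    if name in EXPECTED_DIR:
        # Exact system name: only acceptable in its expected directory.
        if directory == EXPECTED_DIR[name]:
            return ("ok", name)
        return ("system-name-wrong-dir", name)
    # Near-miss of a system name (one character added, dropped or changed).
    for legit in sorted(EXPECTED_DIR):
        if edit_distance(name, legit) == 1:
            return ("lookalike", legit)
    return ("unknown", name)


def flagged(paths):
    """Return (path, verdict, detail) for every path worth a closer look."""
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("lookalike", "system-name-wrong-dir")]


# Sample input: the first path is quoted from the post; the rest are constructed.
SAMPLE = [
    r"c:\docume~1\too\locals~1\temp\svhost.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Documents and Settings\too\Local Settings\Temp\svchost.exe",
    r"C:\Program Files\Example\app.exe",
]

if __name__ == "__main__":
    for hit in flagged(SAMPLE):
        print(hit)
```

A hit is a lead for review, not a verdict: the name check is independent of the directory, so it also works on 8.3 short paths such as the one in the post, which the script does not expand.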

 



#9 Kurt14


Posted 13 July 2012 - 03:35 PM

I hope you don't mind if I skip step 1, please, I am not familiar with that and I do not think it's a good idea to remove one of them especially if both are outdated (stupid me). Thanks for the latest advice and answering my question. Do you mind if I skip step 1, please?

#10 jntkwx


Posted 13 July 2012 - 03:50 PM

Kurt14,

Actually, I do mind. That's why I included it as the first step to complete before running Combofix. Having more than one antivirus program running at the same time slows your computer down. Each of them detects the other as a virus (even though they are not). It may also cause the Combofix scan to take longer to run. Please either uninstall Avast or Norton Internet Security before following my instructions to rename and run Combofix.

If you have any questions or need clarification on how to uninstall Avast or Norton Internet Security, please ask me, and I'd be happy to give you better instructions.
Regards,
Jason

 



#11 Kurt14


Posted 14 July 2012 - 07:34 AM

I'll be on vacation, what a coincidence.. Ramadan is drawing near and I need to spend more time with family, I'll see you in around 1 week.

#12 jntkwx


Posted 14 July 2012 - 08:15 AM

Kurt14,

Okay, I'll leave this topic open.

When you are back, see this topic for instructions to uninstall Norton Internet Security.

- OR -

Go to Avast Software Uninstall for instructions on how to uninstall Avast.
Regards,
Jason

 



#13 jntkwx


Posted 15 July 2012 - 05:19 PM

Kurt14,

It was brought to my attention you may be getting help on another forum.

Have you been getting help here? http://forums.whatthetech.com/index.php?showtopic=123738
Regards,
Jason

 



#14 jntkwx


Posted 16 July 2012 - 04:24 PM

Kurt14,

Following advice from more than one helper makes it extremely difficult to clean a machine. It not only ties up valuable helper time, but it also makes it very confusing as the helpers do not know what the other helper is doing. Sometimes the fixes can be in conflict with each other and cause problems.

Therefore, I am closing this topic to avoid any confusion.
Regards,
Jason

 





