[faathihz]

Hi

I cant access facebook.com from any browser (internet explorer, chrome or firefox) after i managed to clean a backdoor virus my laptop caught from what seemed like a virus from facebook. I accidentally ran a flashplayer.exe file which was required to view the facebook video. I used spyware doctor and kaspersky to clean the virus and have managed to use my laptop normally but i cant access facebook.com,

I tried to scan my laptop for more viruses but both programs say that i dun have any.

Please help!!!

Thanks

[faathihz]

just thought anyone who wants to help might need this info.

this is what i got after i run command :

Ping facebook.com

Pinging facebook.com [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


NOTEPAD c:\Windows\system32\drivers\etc\HOSTS.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

[dvk01]

follow advice here and post the logs those programs make

[faathihz]

sorry about that. please see below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:35 AM, on 8/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ChgService.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1261241121123
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: ddservice - Unknown owner - C:\WINDOWS\update.7.1\svchostdriver.exe (file missing)
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jookz Toolbar Helper - Unknown owner - C:\Program Files\Jookz Toolbar\tbsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Zwangie Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwangie\zwangie159.exe (file missing)

--
End of file - 12691 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 0:58:40 on 2011-08-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.361 [GMT 5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\ChgService.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {4C350B19-6CA1-4569-B14C-296D8D6535B2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [tray_ico]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261241121123
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 202.1.192.196 202.1.201.201
TCP: Interfaces\{961790E2-32EB-4B0A-99CE-89582CA05182} : DhcpNameServer = 192.168.2.1 192.168.1.1 202.1.192.196 202.1.201.201
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dh0zp2zd.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserre cordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim. dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-8-25 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-8-25 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-8-25 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-8-25 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-8-25 69392]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-8-26 475736]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-8-25 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-8-25 233976]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-6-27 135168]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-7-1 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-7-1 162936]
R2 FwcAgent;Firewall Client Agent;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-7-20 90112]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-20 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-28 11520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
S2 Jookz Toolbar Helper;Jookz Toolbar Helper;c:\program files\jookz toolbar\tbsvc.exe --> c:\program files\jookz toolbar\tbsvc.exe [?]
S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
S2 Zwangie Service;Zwangie Service;"c:\documents and settings\all users\application data\zwangie\zwangie159.exe" "c:\program files\zwangie\zwangie.dll" bputqxbwqq --> c:\documents and settings\all users\application data\zwangie\zwangie159.exe [?]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-6-27 103424]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-20 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-3 14336]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-8-25 70664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-8-25 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-8-25 1117144]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-8-25 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-08-29 19:54:48 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-08-26 16:04:11 -------- d-----w- c:\program files\Microsoft Firewall Client 2004
2011-08-26 12:12:21 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-08-26 12:12:20 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-08-26 11:47:49 -------- d-----w- c:\program files\Kaspersky Lab
2011-08-26 11:47:49 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-08-26 11:30:05 -------- d--h--w- C:\kleaner.tmp
2011-08-25 16:40:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-08-25 16:28:28 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-25 16:28:28 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-08-25 16:28:28 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-08-25 16:23:27 -------- d--h--w- c:\windows\update.8.1
2011-08-25 15:39:07 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-25 15:39:07 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-25 15:39:06 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-25 15:38:51 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-25 15:38:50 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-25 15:38:45 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-08-25 15:38:31 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-25 15:38:08 -------- d-----w- c:\program files\PC Tools Security
2011-08-25 15:38:08 -------- d-----w- c:\program files\common files\PC Tools
2011-08-25 15:36:37 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-25 12:06:18 -------- d--h--w- c:\windows\update.tray-0-0-lnk
2011-08-25 12:06:18 -------- d--h--w- c:\windows\update.tray-0-0
2011-08-25 11:32:20 -------- d-----w- c:\program files\common files\SYMANT~1
2011-08-25 00:18:08 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-25 00:18:08 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-24 23:52:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-08-24 23:51:06 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-24 22:58:21 -------- d-----w- c:\documents and settings\user\application data\Sammsoft
2011-08-24 20:56:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-24 20:56:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-24 20:37:22 16342528 ----a-w- c:\windows\SETAF.tmp
2011-08-21 14:17:35 -------- d-----w- c:\windows\av_ico
2011-08-21 12:43:18 -------- d--h--w- c:\windows\update.7.1
2011-08-21 12:41:50 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 12:37:10 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-21 12:37:10 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-21 11:03:47 -------- d-----w- c:\documents and settings\user\local settings\application data\Help
2011-08-11 03:22:43 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:21:48 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-20 19:38:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:02:25.76 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2008 1:38:29 PM
System Uptime: 8/30/2011 12:52:53 AM (1 hours ago)
.
Motherboard: NEC | | VERSA E6300
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | U2E1 | 1994/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 13.063 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 49.788 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP585: 8/22/2011 7:22:30 PM - System Checkpoint
RP586: 8/24/2011 6:16:38 PM - System Checkpoint
RP587: 8/25/2011 1:46:32 AM - Restore Operation
RP588: 8/25/2011 1:50:07 AM - Restore Operation
RP589: 8/25/2011 2:01:26 AM - Software Distribution Service 3.0
RP590: 8/25/2011 3:57:56 AM - ARO 2011 - Before Installation
RP591: 8/25/2011 3:58:55 AM - ARO 2011 - FIRST RUN
RP592: 8/25/2011 4:08:31 AM - ARO 2011 Thu, Aug 25, 11 04:08
RP593: 8/25/2011 4:31:09 AM - ARO 2011 - Before Optimize
RP594: 8/25/2011 5:06:45 AM - Installed AVG 2011
RP595: 8/25/2011 5:08:46 AM - Installed AVG 2011
RP596: 8/25/2011 8:53:13 AM - Installed AVG 2011
RP597: 8/25/2011 9:16:08 AM - Removed AVG 2011
RP598: 8/25/2011 4:31:25 PM - Removed Symantec AntiVirus
RP599: 8/25/2011 4:55:36 PM - Installed Kaspersky Anti-Virus 2011.
RP600: 8/25/2011 8:46:46 PM - Removed Kaspersky Anti-Virus 2011.
RP601: 8/25/2011 9:27:27 PM - Removed Kaspersky Anti-Virus 2011.
RP602: 8/25/2011 10:11:32 PM - Removed Kaspersky Anti-Virus 2011.
RP603: 8/26/2011 1:09:34 AM - Removed Skype™ 5.5
RP604: 8/26/2011 3:50:23 PM - Removed Kaspersky Anti-Virus 2011.
RP605: 8/26/2011 4:15:33 PM - Removed Kaspersky Anti-Virus 2011.
RP606: 8/26/2011 4:46:16 PM - Installed Kaspersky Anti-Virus 2011.
RP607: 8/26/2011 9:04:06 PM - Installed Microsoft Firewall Client
RP608: 8/28/2011 6:13:48 AM - System Checkpoint
RP609: 8/29/2011 6:22:07 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS4
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems HDA Modem
Ahead Nero Burning ROM
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
AVG 2011
BitTorrent
CAS Lite for NEC
Click to Call with Skype
Content Transfer
Convert DOC to PDF For Word 3.50
Convert Image To PDF
Dhiraagu Mobile Broadband USB Modem version 5.014
DivX Setup
Emma Core
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Kaspersky Anti-Virus 2011
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Firewall Client
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
NWZ-W250 WALKMAN Guide
PDF Settings
Photoshop Camera Raw
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SEMC OMSI Module
Skype™ 5.5
Sony Ericsson PC Suite 6.012.00
Spelling Dictionaries Support For Adobe Reader 8
Spyware Doctor
Synaptics Pointing Device Driver
Unity Web Player
UnRAR for Windows
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.4
WD SmartWare
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinRAR archiver
WinZip 15.0
WinZip Self-Extractor
xpot
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/26/2011 5:09:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.
8/26/2011 4:27:28 PM, error: Service Control Manager [7000] - The KLIF service failed to start due to the following error: The system cannot find the file specified.
8/26/2011 12:23:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/26/2011 12:10:30 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2011 1:46:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/26/2011 1:37:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm PCTSD SBRE TfFsMon TFSysMon
8/25/2011 9:00:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SBRE SYMTDI Tcpip
8/25/2011 8:35:28 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The wxpdrivers service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The WDDMService service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The srviecheck service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Sony Ericsson OMSI download service service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Emma Update Management service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Emma Device Management service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The ddservice service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Change Modem Device Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 8:32:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/25/2011 5:13:01 PM, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the path specified.
8/25/2011 5:05:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE Tcpip
8/25/2011 4:49:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SBRE
8/25/2011 4:32:08 PM, error: DCOM [10000] - Unable to start a DCOM Server: {DBA28A20-5CE1-4E8D-AD35-418B62269E54}. The error: "%3" Happened while starting this command: C:\PROGRA~1\COMMON~1\SYMANT~1\ccPwdSvc.exe -Embedding
8/25/2011 2:40:31 AM, error: Service Control Manager [7000] - The srvsysdriver32 service failed to start due to the following error: The system cannot find the file specified.
8/25/2011 2:30:51 AM, error: Service Control Manager [7034] - The srvsysdriver32 service terminated unexpectedly. It has done this 1 time(s).
8/25/2011 1:48:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SAVRT SAVRTPEL SBRE
8/25/2011 1:48:45 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2011 1:48:45 AM, error: Service Control Manager [7000] - The Jookz Toolbar Helper service failed to start due to the following error: The system cannot find the file specified.
8/25/2011 1:45:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2011 1:45:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SBRE SYMTDI Tcpip
8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2011 1:44:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/24/2011 9:00:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-30 08:55:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e FUJITSU_MHW2120BH rev.00000012
Running: 7ozgxd0z.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kxliifog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAA127558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAA127E5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAA128C90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAA1291DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAA128138]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF6E84C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAA1290C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAA127146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAA128F94]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF6F9B0CC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF6F9B394]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAA1272EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAA1292FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAA127AE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAA12902A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAA12A9E2]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF6E84E90]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF6E84F50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAA1285BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAA12BBEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAA126ED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAA126F6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAA1283C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAA12AAD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAA1263A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAA1263B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAA12B23C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAA127096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAA129270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAA127EDE]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF6E84AD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAA129150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAA127794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAA12AFD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAA129390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAA127686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAA127002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA126C3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAA12B576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAA126864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAA12AE68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF6FC2BC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAA125DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAA1296F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAA1295BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA12A77C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAA126156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAA12BA90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAA125D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAA1289D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAA127D00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAA12A01C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAA12AC72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAA12B6C6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF6E85150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAA12B7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAA12B8F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAA12A906]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF6E87300]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAA127890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAA12B41A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAA127A1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [94, 8F, 12, AA, CC, B0, F9, ...]
.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 8 Bytes CALL 92D404CF
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [D4, AA, 12, AA, A4, 63, 12, ...]
.text ntoskrnl.exe!ZwYieldExecution + 252 804E4AAC 8 Bytes CALL 92DF9BA7
.text ntoskrnl.exe!ZwYieldExecution + 2F7 804E4B51 7 Bytes [70, 12, AA, 3A, 6C, 12, AA] {JO 0x14; STOSB ; CMP CH, [EDX+EDX-0x56]}
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP AA11A3C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP AA119FE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
? C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\Tcpip \Device\IPMULTICAST pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001dd9f6d365 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001dd9f6d57d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f6d365 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f6d365
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f6d57d

---- EOF - GMER 1.0.15 ----

[dvk01]

nothing showing wrong there, except that facebook is listed as being on your local machine & not the internetfor DNS to look it up
normally that is done by the hosts file but that all looks clear


Is it possible that someone has set Kaspersky parental controls to block facebook

[faathihz]

unlikely.. i'm the only one using this laptop and i installed kaspersky about a week ago only.

what do think i should do??

[dvk01]

lets reset hosts to default just in case but as DDS isn't showing any hosts divert, iyt is unlikely to be responsible

use the Microsoft fixit tool on http://support.microsoft.com/kb/972034 to reset hosts to default
then

Delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Hereto your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
• Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
• Remember to re enable the protection again after combofix has finished

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on renamed combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

[faathihz]

IT WORKED... I WORKED .. thank u soo much dude

just to be sure am free of all malware i'm posting the log file too.. but thanks man.. YOU ROCK!!!


ComboFix 11-08-31.02 - user 08/31/2011 18:41:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT 5:00]
Running from: c:\documents and settings\user\Desktop\username123.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\hpeDBA.dll
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVIECHECK
-------\Service_ddservice
-------\Service_srviecheck
-------\Legacy_Jookz_Toolbar_Helper
-------\Legacy_Zwangie_Service
-------\Service_Jookz Toolbar Helper
-------\Service_Zwangie Service
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-26 16:04 . 2011-08-26 16:04 -------- d-----w- c:\program files\Microsoft Firewall Client 2004
2011-08-26 12:12 . 2011-08-26 13:36 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-08-26 12:12 . 2011-08-26 13:36 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-08-26 11:47 . 2011-08-31 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-08-26 11:47 . 2011-08-26 11:47 -------- d-----w- c:\program files\Kaspersky Lab
2011-08-26 11:30 . 2011-08-26 11:30 -------- d-----w- C:\kleaner.tmp
2011-08-25 16:40 . 2011-08-26 15:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-08-25 16:28 . 2011-01-20 08:27 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-08-25 12:06 . 2011-08-26 07:23 -------- d--h--w- c:\windows\update.tray-0-0-lnk
2011-08-25 12:06 . 2011-08-25 16:10 -------- d--h--w- c:\windows\update.tray-0-0
2011-08-25 11:32 . 2011-08-25 11:32 -------- d-----w- c:\program files\Common Files\SYMANT~1
2011-08-25 00:18 . 2011-08-26 18:50 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-25 00:18 . 2011-08-25 16:10 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-24 23:52 . 2011-08-24 23:52 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-24 23:51 . 2011-08-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-24 22:58 . 2011-08-25 16:15 -------- d-----w- c:\documents and settings\user\Application Data\Sammsoft
2011-08-24 20:56 . 2011-08-24 20:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-24 20:37 . 2011-08-24 20:37 16342528 ----a-w- c:\windows\SETAF.tmp
2011-08-24 20:32 . 2011-08-24 20:52 -------- d-s---w- c:\documents and settings\Administrator
2011-08-21 14:17 . 2011-08-25 12:12 -------- d-----w- c:\windows\av_ico
2011-08-21 12:43 . 2011-08-25 16:40 -------- d--h--w- c:\windows\update.7.1
2011-08-21 12:41 . 2011-08-25 16:20 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 12:37 . 2011-08-26 18:50 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-21 12:37 . 2011-08-25 16:10 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-21 11:03 . 2011-08-21 11:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
2011-08-11 03:22 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:21 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 19:38 . 2011-06-10 04:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-03 15:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-01-03 08:30 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-03 16:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-03 16:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-03 16:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-03 14:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-03 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-08-12 05:57 . 2011-08-26 20:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2010-08-28 40960]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2011-08-26 352976]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"2865827.exe"="c:\windows\TEMP\2865827.exe"
"wxpdrv"=c:\windows\services32.exe
"vptray"=c:\progra~1\SYMANT~1\\vptray.exe
"tray_ico4"=
"tray_ico3"=
"tray_ico2"=
"tray_ico1"=
"tray_ico0"=c:\windows\update.tray-10-0\svchost.exe
"tray_ico"=
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMan"=SOUNDMAN.EXE
"SkyTel"=SkyTel.EXE
"Rtlupd"=c:\program files\Realtek\InstallShield\RtlUpd.exe -u -s -fi
"RTHDCPL"=RTHDCPL.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Persistence"=c:\windows\system32\igfxpers.exe
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ContentTransferWMDetector.exe"=c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"AlcWzrd"=ALCWZRD.EXE
"Alcmtr"=ALCMTR.EXE
"AGRSMMSG"=AGRSMMSG.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/25/2011 8:38 PM 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [8/25/2011 8:39 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [8/25/2011 8:39 PM 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/25/2011 9:28 PM 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/25/2011 9:28 PM 69392]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/25/2011 8:39 PM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/25/2011 8:38 PM 233976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7/20/2010 11:28 PM 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/28/2011 12:12 AM 11520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [6/27/2010 1:09 AM 103424]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/20/2010 11:42 PM 13224]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/25/2011 8:38 PM 70664]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/25/2011 9:28 PM 33552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:34]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 08:48]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 08:48]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1417001333-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:15]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1417001333-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:15]
.
2011-08-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1417001333-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 05:47]
.
2011-08-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1417001333-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 05:47]
.
2011-08-31 c:\windows\Tasks\User_Feed_Synchronization-{3BFE773E-1E44-4180-8309-E0B0F72926AA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
2011-08-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-22 14:18]
.
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 202.1.192.196 202.1.201.201
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\dh0zp2zd.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - c:\program files\Softonic-Eng7\tbSoft.dll
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
Notify-NavLogon - (no file)
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 20:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\User Data\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1420)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ChgService.exe
c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\PC Tools Security\pctsAuxs.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-31 20:24:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-31 15:24
.
Pre-Run: 18,608,365,568 bytes free
Post-Run: 18,602,381,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - F4B7B2E27F4ACBA9B636FD537EC4C52E

[dvk01]

looks like a bit more to do and some files & folders, I want to look at

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

or to
http://www.bleepingcomputer.com/subm...php?channel=38