Solved: Screen goes black on DELL Inspiron 8600 Win XP Pro

sjajdld's Avatar
sjajdld sjajdld is offline sjajdld has a Profile Picture
Computer Specs
Member with 148 posts.
THREAD STARTER
 
Join Date: Jan 2007
Location: Western New York
Experience: Computer Illiterate
25-Aug-2012, 12:40 PM #1
Screen goes black on DELL Inspiron 8600 Win XP Pro
Within the last day my screen will go completely black... not like when it is turned off, but a completely deep black. No cursor, nothing. Is this a virus I have??? It's a DELL Inspiron 8600 with Win XP Pro. It did it the first time while on Facebook. So I shut it off and tried again. Second time it did it on Facebook again, third time, on desktop screen, fourth was at start-up. I booted in F2 and went to diagnostics and it went black as soon as page popped up with CPU or whatever and then proceeded to do a series of 3 beeps at different intervals. After listening to that horrid sound for about 3 minutes, I shut it off !!! lol Turned on and again did F2 and started in first option (can't recall exact name) of internal HD ??? and this is how I ended up here. Still on and going, but for how long? No clue. Am wondering if this is a virus I have or is my laptop really about to bite the dust? Currently running a full scan on Malwarebytes. Thanks for any help offered !!!!
25-Aug-2012, 01:23 PM #2
UPDATE *** Ok I BARELY can see the screen underneath the "blackness" so I am guessing I have a virus... weird thing is if I unplug the power cord from my laptop, I am able to keep the screen up longer before going "black". How do I fix this !!!!!!! PLEASE HELP !!!! TYTYTYTYTY Still running a full scan in Malwarebytes as I type.... going to try to go to HijackThis and add what I get from there too crossing fingers
25-Aug-2012, 01:30 PM #3
Here's my HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:11 PM, on 8/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://rewards.mydrivefm.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EWE...pType=PrintCab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1326218597187
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1267219565705
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1343793071963
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6539 bytes
25-Aug-2012, 07:49 PM #4
One more update... 8.25.12 If I boot with just battery power, it does not go black as quickly. I tried taking the battery out and then replacing it. Tried using it just with battery, but since the battery is old, it only holds power for about 45 minutes... not even long enough to run a full scan with Malwarebytes. So I'm still not sure if anything is showing up (virus, spyware, etc.). If any other info is needed, please let me know. TYTYTY again and again
~susan
sjajdld@yahoo.com
26-Aug-2012, 01:10 PM #5
Ok so I apologize for not posting all I should have as I originally posted this in a different forum and just noticed that it had been moved to this forum... so here goes with update and the required scans.... Forgive me if this goes in spurts but since this is my only computer and it is acting up (why I'm here... ) I may have to post in intervals, so forgive me in advance for all of this nonsense
*** okay I restored to an earlier point on my computer on 8.25.12 after the above posts and same thing is happening. Black screen like very dark sunglasses were put over it. I can barely make out the icons etc. on my desktop. I can access internet and everything else that I have tried so far while the screen is black like this. I found if I shine a flashlight at an angle I can see the screen a little better and have accessed it this way at times. VERY frustrating to say the least. ***Also, I seem to be able to have everything be normal as long as the AC power adapter is NOT connected... as soon as I plug it into the laptop, POOF* black screen. If I allow the battery to completely charge and then unplug the AC adapter before turning on computer, I am able to get on with no black screen, no known issues, everything seems completely fine until my battery depletes itself, which is not long. Approximately an hour or so. So with all that being said, I redid all scans you asked for in the forum top post and am including them with this TYTYTYTY again for ANY help whatsoever... I miss my computer lol

HijackThis 8.26.12

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:07 AM, on 8/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Frontier\Security\Common\FSMA32.EXE
C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Frontier\Security\Common\FSM32.EXE
C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Frontier\Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://rewards.mydrivefm.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EWE...pType=PrintCab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1326218597187
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1267219565705
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1343793071963
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Frontier\Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8370 bytes
*****************************************************************************

DDS file 8.26.12

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Administrator at 10:19:55 on 2012-08-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.434 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Max Security 9.17 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Max Security 9.17 *Enabled*
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Frontier\Security\Common\FSMA32.EXE
C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Frontier\Security\Common\FSM32.EXE
C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cidaemon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
mStart Page = hxxp://search.searchonme.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [F-Secure Manager] "c:\program files\frontier\security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\frontier\security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki...
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\frontier\security\fsps\program\FSLSP.DLL
Trusted Zone: mydrivefm.com\rewards
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1326218597187
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343793071963
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1CF38442-E0F6-4221-89B5-D3EC4BEF932B} : DhcpNameServer = 192.168.10.24 192.168.10.25
TCP: Interfaces\{76313147-6AC4-43F5-BE56-F3429732AA9D} : DhcpNameServer = 192.168.254.254
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-8-25 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-8-25 82160]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\frontier\security\hips\drivers\fshs.sys [2012-8-25 70192]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\frontier\security\anti-virus\fsgk32st.exe [2012-8-25 221872]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\frontier\security\anti-virus\minifilter\fsgk.sys [2012-8-25 149672]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\frontier\security\orsp client\fsorsp.exe [2012-8-25 61088]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2012-1-14 94208]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.1.121\mcchsvc.exe" --> c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-26 02:48:42 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-08-26 02:47:54 82160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-08-26 01:44:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-26 01:44:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-25 18:27:22 -------- d-----w- c:\program files\Frontier
2012-08-25 18:24:35 -------- d-----w- c:\documents and settings\all users\application data\fssg
2012-08-25 17:26:01 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-08-25 16:45:57 -------- d-----w- c:\documents and settings\all users\application data\f-secure
2012-08-15 19:36:34 -------- d-----w- c:\documents and settings\administrator\application data\Virtual Prophecy
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 10:23:38.22 ===============
*****************************************************************************


*** the gmer ark.txt scan is taking a longggg time so I will post that as soon as I can but am posting these now before I lose it all to a black screen again ty for patience

sjajdld@yahoo.com
~Susan

Last edited by sjajdld; 26-Aug-2012 at 01:15 PM..
26-Aug-2012, 01:13 PM #6
sorry this is the attached zip file for
here is the attach file
26-Aug-2012, 05:02 PM #7
ahhhhhhhhhhhhhhhhhhhhhhhh finally finished the GMER... whatever it is... scan.... took FOREVER !!!!!!!!!
here goes:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-26 16:50:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AH rev.00000096
Running: ks9qelwz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6D9BCC6]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6D9BCE0]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6D9AE7C]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF6D9B1AC]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6D9ABBC]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF6D9B5DE]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF6D9C87C]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF6D9B42E]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6D9AA3C]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6D9AEB0]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6D9B032]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF6D9A996]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6D9AAF6]
SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6D9AF76]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [3C, AA, D9, F6, B0, AE, D9, ...]
PAGE ntoskrnl.exe!IoCreateDevice 8059EC46 5 Bytes JMP F7683010 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisRegisterProtocol F765317F 5 Bytes JMP F7682E22 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter F7653399 5 Bytes JMP F76833AA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter F765D642 5 Bytes JMP F7682F2E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol F765D821 5 Bytes JMP F76831C6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets F7660810 5 Bytes JMP F7683C22 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest F766097B 5 Bytes JMP F76835C2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend F7663986 5 Bytes JMP F76845A2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets F76639A3 5 Bytes JMP F7684674 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData F76639BE 5 Bytes JMP F7683D20 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc F766A186 5 Bytes JMP F7682E8C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc F766B557 5 Bytes JMP F7682EFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets F766BAF1 5 Bytes JMP F768438C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0266000C
.text C:\WINDOWS\Explorer.EXE[228] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0266100C
.text C:\WINDOWS\Explorer.EXE[228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0266200C
.text C:\WINDOWS\Explorer.EXE[228] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0266300C
.text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0266700C
.text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0266500C
.text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0266600C
.text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0266800C
.text C:\WINDOWS\Explorer.EXE[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0266400C
.text C:\WINDOWS\Explorer.EXE[228] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0266A00C
.text C:\WINDOWS\Explorer.EXE[228] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0266900C
.text C:\Program Files\Frontier\Security\Common\FSM32.EXE[544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0102000C
.text C:\Program Files\Frontier\Security\Common\FSM32.EXE[544] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0102100C
.text C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C0000C
.text C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C0100C
.text C:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C0200C
.text C:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C0300C
.text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C0700C
.text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C0500C
.text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C0600C
.text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C0800C
.text C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C0400C
.text C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C0A00C
.text C:\WINDOWS\system32\winlogon.exe[856] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00C0900C
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B8000C
.text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B8100C
.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8200C
.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B8300C
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B8700C
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B8500C
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B8600C
.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B8800C
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B8400C
.text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B8A00C
.text C:\WINDOWS\system32\lsass.exe[916] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00B8900C
.text C:\WINDOWS\system32\cisvc.exe[1036] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006C000C
.text C:\WINDOWS\system32\cisvc.exe[1036] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006C100C
.text C:\WINDOWS\system32\cisvc.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C200C
.text C:\WINDOWS\system32\cisvc.exe[1036] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 006C300C
.text C:\WINDOWS\system32\cisvc.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C400C
.text C:\WINDOWS\system32\cisvc.exe[1036] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 006CA00C
.text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 006C700C
.text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 006C500C
.text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 006C600C
.text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006C800C
.text C:\WINDOWS\system32\cisvc.exe[1036] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 006C900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0240000C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0240100C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0240200C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0240300C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0240400C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0240A00C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0240900C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0240700C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0240500C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0240600C
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0240800C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 026F000C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 026F100C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026F200C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 026F300C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 026F700C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 026F500C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 026F600C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 026F800C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 026F400C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] user32.dll!DdeConnect 7E4581C3 5 Bytes JMP 026FA00C
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 026F900C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1900C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A1A00C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A000C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A100C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A200C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003A300C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003A700C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003A500C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003A600C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A800C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A400C
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003A900C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD000C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CD100C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD200C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CD300C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CD700C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CD500C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CD600C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CD800C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CD400C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CDA00C
.text C:\WINDOWS\System32\bcmwltry.exe[1636] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00CD900C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003F000C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003F100C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003F200C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003F300C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F400C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003F900C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003F700C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003F500C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003F600C
.text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F800C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C4000C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C4100C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C4200C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C4300C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C4400C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C4A00C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00C4900C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C4700C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C4500C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C4600C
.text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C4800C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 2A, 00] {SUB [EAX], AL; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0095000C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0095100C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 2A, 00] {SUB [EBX], AL; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 2A, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91001A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 2A, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 2A, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91008B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9101B9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 2A, 00] {SUB [ECX], AL; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]}
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 2A, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0095200C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0095300C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0095700C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0095500C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0095600C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0095800C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0095400C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0095900C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AC000C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AC100C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91281A
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91288B
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9129B9
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 52, 00]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC200C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AC300C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AC700C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AC500C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AC600C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AC800C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC400C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AC900C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A2100C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A2200C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A2300C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A2700C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A2500C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A2600C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A2800C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A2400C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A2A00C
.text C:\WINDOWS\system32\tlntsvr.exe[2396] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A2900C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
.text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0038A00C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1900C
.text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A1A00C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0D58000C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0D58100C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0D58200C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0D58300C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0D58700C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0D58500C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0D58600C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0D58800C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0D58400C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0D58A00C
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0D58900C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D9000C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03D9100C
.text C:\WINDOWS\system32\wuauclt.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03D9200C
.text C:\WINDOWS\system32\wuauclt.exe[2720] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 03D9300C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 03D9900C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 03D9700C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 03D9500C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 03D9600C
.text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 03D9800C
.text C:\WINDOWS\system32\wuauclt.exe[2720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03D9400C
.text C:\WINDOWS\system32\wuauclt.exe[2720] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 03D9A00C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E1000C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E1100C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1200C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E1300C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E1700C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E1500C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E1600C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E1800C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E1400C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E1A00C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00E1900C
.text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD000C
.text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AD100C
.text C:\WINDOWS\System32\alg.exe[3960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD200C
.text C:\WINDOWS\System32\alg.exe[3960] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AD300C
.text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AD400C
.text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00ADA00C
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AD700C
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AD500C
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AD600C
.text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD800C
.text C:\WINDOWS\System32\alg.exe[3960] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00AD900C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00690010

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- EOF - GMER 1.0.15 ----
sjajdld
27-Aug-2012, 10:53 AM #8
I've tried to add pictures of what the screen looks like when black, but it won't let me add the photos. I tried a zip file as well... no luck. So I'm trying a link to my Facebook page so you can see them. You can see the desktop underneath the blackness and I still have full function of the laptop... just can't see anything to use it unless I shine a flashlight on it, and that is making me go blind!!! As I stated above, I can use it if it's not on AC power, but the battery only lasts for an hour, give or take a few minutes. As soon as I plug the AC cord in, boom, the screen goes black within 10-15 seconds.

https://www.facebook.com/media/set/?...3150561&type=1

Hope this works

http://www.facebook.com/media/set/?s...3150561&type=1
sjajdld
27-Aug-2012, 06:43 PM #9
No one? Was hoping someone would see this and be able to help me out...
sjajdld
28-Aug-2012, 11:32 AM #10
Bump ! and please HELP !!!!!
sjajdld
29-Aug-2012, 12:54 PM #11
bumping back up...
sjajdld
31-Aug-2012, 10:25 PM #12
Seriously... no one??? It's getting worse now... goes black while on battery now too... I'm running out of time. PLEASE HELPPPPPPPPPPPPPPPPPPPPPPPPPPP PLEASE !!!
Cookiegal (Administrator & Malware Removal Specialist)
02-Sep-2012, 01:01 PM #13
Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
__________________
Microsoft MVP - Consumer Security
sjajdld
02-Sep-2012, 11:40 PM #14
puppy.exe
ComboFix 12-09-01.01 - Administrator 09/02/2012 22:52:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: F-Secure Anti-Virus 9.20.17320 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\Codecv
c:\documents and settings\All Users\Application Data\Codecv\background.html
c:\documents and settings\All Users\Application Data\Codecv\content.js
c:\documents and settings\All Users\Application Data\Codecv\data\content.js
c:\documents and settings\All Users\Application Data\Codecv\data\jsondb.js
c:\documents and settings\All Users\Application Data\Codecv\mpkhppmnhgaocboaancgaipdlcifneik.crx
c:\documents and settings\All Users\Application Data\Codecv\settings.ini
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\program files\Shared
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\EventSystem.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Tasks\wxiwwczw.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVOKO6
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 02:32 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157C03B-6555-454F-8E61-F751D4BEE779}\mpengine.dll
2012-09-01 17:35 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-01 17:30 . 2012-09-01 17:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-01 15:40 . 2012-09-01 17:07 -------- d-----w- C:\d80e6c2efb9c4c9564
2012-08-29 17:07 . 2012-08-29 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-08-26 02:48 . 2012-08-26 02:57 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-08-26 02:47 . 2011-09-26 15:52 82160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-08-26 01:44 . 2012-08-26 01:44 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-25 18:29 . 2012-08-25 18:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2012-08-25 18:27 . 2012-08-25 18:27 -------- d-----w- c:\program files\Frontier
2012-08-25 18:24 . 2012-08-25 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2012-08-25 17:26 . 2012-08-25 17:26 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-25 16:45 . 2012-08-26 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2012-08-15 19:36 . 2012-08-15 19:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Virtual Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07 . 2011-09-25 01:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-07-14 16:35 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-12-01 13:40 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2007-04-12 14:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 01:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 22:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 04:05 107176 ----a-w- c:\program files\Lexmark 2600 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
2011-09-26 15:53 201392 ----a-w- c:\program files\Frontier\Security\Common\FSM32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2011-09-26 15:52 1655472 ----a-w- c:\program files\Frontier\Security\FSGUI\tnbutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-09 20:33 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2010-02-04 04:05 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"McComponentHostService"=3 (0x3)
"FSORSPClient"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/25/2012 10:48 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/25/2012 10:47 PM 82160]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/14/2012 8:44 PM 94208]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [8/25/2012 10:46 PM 149672]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
S4 FSORSPClient;F-Secure ORSP Client;c:\program files\Frontier\Security\ORSP Client\fsorsp.exe [8/25/2012 10:47 PM 61088]
S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-10 20:33]
.
2012-09-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://search.searchonme.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki...
LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
Trusted Zone: mydrivefm.com\rewards
TCP: DhcpNameServer = 192.168.254.254
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-NavLogon - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe
MSConfigStartUp-Spotify - c:\documents and settings\Administrator\Application Data\Spotify\Spotify.exe
AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-02 23:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2, \
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06, \
.
[HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2, \
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
.
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\frontier\security\scanner-interface\fsgkiapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-09-02 23:27:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 03:27
.
Pre-Run: 1,621,151,744 bytes free
Post-Run: 3,374,657,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 634D80E040BBBAABE211330C83A1D205

thank you very much !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Cookiegal (Administrator & Malware Removal Specialist)
03-Sep-2012, 04:46 PM #15
You have both F-Secure Anti-virus and Microsoft Security Essentials. You need to uninstall one of them as it's not good to have two on the machine at the same time because they will conflict and cause problems.

Open Notepad and copy and paste the text in the code box below into it:

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:5555
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
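A small review helper, added here as an illustration and not part of this thread, ComboFix or DDS: it parses lines in the shape of the ComboFix log posted above (the GloballyOpenPorts list and the Supplementary Scan block, reproduced as constructed sample input) and lists the settings the CFScript above targets or a helper would look at, namely a firewall exception with a custom name, a machine-wide start page that differs from the user's, and a proxy on the loopback interface. The regexes, function names and the Settings class are this example's own.

```python
"""Review helper for ComboFix-style log lines (added example; not part of
the thread, ComboFix or DDS).  Parses the GloballyOpenPorts list and the
Supplementary Scan block and lists settings a removal helper would review.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample input, shaped like the log posted in this thread.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"8085:TCP"= 8085:TCP:GateOKO
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://search.searchonme.com/
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# "8085:TCP"= 8085:TCP:GateOKO  ->  port, protocol, display name
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# u = per-user (HKCU) setting, m = machine-wide (HKLM) setting
PROXY_RE = re.compile(r'^([um])Internet Settings,ProxyServer\s*=\s*(\S+)$')
START_RE = re.compile(r'^([um])Start Page\s*=\s*(\S+)$')
# ComboFix defangs http as hxxp; accept both when pulling out the host
HOST_RE = re.compile(r'^(?:hxxps?|https?)://([^/]+)', re.IGNORECASE)


@dataclass
class Settings:
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)
    proxies: Dict[str, str] = field(default_factory=dict)
    start_pages: Dict[str, str] = field(default_factory=dict)


def parse_log(text: str) -> Settings:
    """Collect open-port exceptions, proxy servers and start pages."""
    s = Settings()
    in_ports = False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):          # ComboFix separates blocks with "."
            in_ports = False
            continue
        if line.startswith("["):       # registry key header
            in_ports = line.endswith("GloballyOpenPorts\\List]")
            continue
        if in_ports:
            m = PORT_RE.match(line)
            if m:
                s.open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = PROXY_RE.match(line)
        if m:
            s.proxies[m.group(1)] = m.group(2)
            continue
        m = START_RE.match(line)
        if m:
            s.start_pages[m.group(1)] = m.group(2)
    return s


def host_of(url: str) -> str:
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else url.lower()


def review(s: Settings) -> List[str]:
    """Return one line per setting worth a second look, in log order."""
    findings: List[str] = []
    for port, proto, name in s.open_ports:
        # A display name that is a resource string (@xpsp2res.dll,-N) is an
        # exception Windows ships with (here Remote Desktop); a bare custom
        # name such as GateOKO belongs to whatever program added it.
        if "@" in name:
            continue
        findings.append(f"globally open port {port}/{proto} named '{name}'")
    if "m" in s.start_pages:
        m_host = host_of(s.start_pages["m"])
        u_host = host_of(s.start_pages.get("u", ""))
        if m_host != u_host:
            findings.append(f"machine-wide start page host '{m_host}' "
                            f"differs from the user's '{u_host}'")
    for scope, value in s.proxies.items():
        # A loopback proxy sends every browser request through a local
        # program listening on that port; identify that program before
        # deciding whether the setting belongs there.
        if value.startswith(("127.", "localhost")):
            who = "user" if scope == "u" else "machine"
            findings.append(f"{who}-scope proxy {value} points at the "
                            f"loopback interface")
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print("REVIEW:", finding)
```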