
Screen goes black on DELL Inspiron 8600 Win XP Pro

Discussion in 'Virus & Other Malware Removal' started by sjajdld, Aug 25, 2012.

  1. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    Within the last day my screen will go completely black... not like when it is turned off, but a completely deep black. No cursor, nothing. Is this a virus I have??? It's a DELL Inspiron 8600 with Win XP Pro. It did it the first time while on Facebook. So I shut it off and tried again. Second time it did it on Facebook again, third time on the desktop screen, fourth was at start-up. I booted in F2 and went to diagnostics and it went black as soon as the page popped up with CPU or whatever and then proceeded to do a series of 3 beeps at different intervals. After listening to that horrid sound for about 3 minutes, I shut it off !!! lol Turned on and again did F2 and started in the first option (can't recall exact name) of internal HD ??? and this is how I ended up here :). Still on and going, but for how long? No clue. Am wondering if this is a virus I have or is my laptop really about to bite the dust? Currently running a full scan on Malwarebytes. Thanks for any help offered !!!!
     
  2. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    UPDATE *** Ok, I can BARELY see the screen underneath the "blackness", so I am guessing I have a virus... weird thing is, if I unplug the power cord from my laptop, I am able to keep the screen up longer before it goes "black". How do I fix this !!!!!!! PLEASE HELP !!!! TYTYTYTYTY Still running a full scan in Malwarebytes as I type.... going to try to go to HijackThis and add what I get from there too :) crossing fingers :)
     
  3. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    Here's my HijackThis :)




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:29:11 PM, on 8/25/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://rewards.mydrivefm.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EW...033&UICulture=9&ReportStack=1&OpType=PrintCab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1326218597187
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343793071963
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 6539 bytes
     
  4. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    One more update... 8.25.12 If I boot with just battery power, it does not go black as quickly. I tried taking the battery out and then replacing it. Tried using it just with battery, but since the battery is old, it only holds power for about 45 minutes... not even long enough to run a full scan with Malwarebytes. So I'm still not sure if anything is showing up (virus, spyware, etc.). If any other info is needed please let me know :) TYTYTY again and again :)
    ~susan
     
  5. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    Ok, so I apologize for not posting all I should have, as I originally posted this in a different forum and just noticed that it had been moved to this forum... so here goes with the update and the required scans.... Forgive me if this goes in spurts, but since this is my only computer and it is acting up (why I'm here...:) ) I may have to post in intervals, so forgive me in advance for all of this nonsense ;)
    *** Okay, I restored to an earlier point on my computer on 8.25.12 after the above posts and the same thing is happening. Black screen, like very dark sunglasses were put over it. I can barely make out the icons etc. on my desktop. I can access the internet and everything else that I have tried so far while the screen is black like this. I found if I shine a flashlight at an angle I can see the screen a little better and have accessed it this way at times. VERY frustrating to say the least. ***Also, I seem to be able to have everything be normal as long as the AC power adapter is NOT connected... as soon as I plug it into the laptop, POOF* black screen. If I allow the battery to completely charge and then unplug the AC adapter before turning on the computer, I am able to get on with no black screen, no known issues, everything seems completely fine until my battery depletes itself, which is not long. Approximately an hour or so. So with all that being said, I redid all the scans you asked for in the forum top post and am including them with this. TYTYTYTY again for ANY help whatsoever... I miss my computer :( lol


    HijackThis 8.26.12


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:07:07 AM, on 8/26/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\Frontier\Security\Common\FSMA32.EXE
    C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Frontier\Security\Common\FSM32.EXE
    C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
    C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
    C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Frontier\Security\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Frontier\Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Frontier\Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://rewards.mydrivefm.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - https://members.ladiesauxvfw.org/EW...033&UICulture=9&ReportStack=1&OpType=PrintCab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1326218597187
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343793071963
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Frontier\Security\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Frontier\Security\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8370 bytes
    *********************************************************************************************************************************

    DDS file 8.26.12

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
    Run by Administrator at 10:19:55 on 2012-08-26
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.434 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Max Security 9.17 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Max Security 9.17 *Enabled*
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Frontier\Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\Frontier\Security\Common\FSMA32.EXE
    C:\Program Files\Frontier\Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\Frontier\Security\Common\FSHDLL32.EXE
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Frontier\Security\Common\FSM32.EXE
    C:\Program Files\Frontier\Security\FWES\Program\fsdfwd.exe
    C:\Program Files\Frontier\Security\Anti-Virus\fssm32.exe
    C:\Program Files\Frontier\Security\Anti-Virus\fsav32.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\cidaemon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.com/
    mStart Page = hxxp://search.searchonme.com/
    uInternet Settings,ProxyServer = 127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\frontier\security\nrs\iescript\baselitmus.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [F-Secure Manager] "c:\program files\frontier\security\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\frontier\security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki...
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    LSP: c:\program files\frontier\security\fsps\program\FSLSP.DLL
    Trusted Zone: mydrivefm.com\rewards
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1326218597187
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267219565705
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343793071963
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{1CF38442-E0F6-4221-89B5-D3EC4BEF932B} : DhcpNameServer = 192.168.10.24 192.168.10.25
    TCP: Interfaces\{76313147-6AC4-43F5-BE56-F3429732AA9D} : DhcpNameServer = 192.168.254.254
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-8-25 44240]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-8-25 82160]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\frontier\security\hips\drivers\fshs.sys [2012-8-25 70192]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\frontier\security\anti-virus\fsgk32st.exe [2012-8-25 221872]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\frontier\security\anti-virus\minifilter\fsgk.sys [2012-8-25 149672]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\frontier\security\orsp client\fsorsp.exe [2012-8-25 61088]
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2012-1-14 94208]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-11 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.1.121\mcchsvc.exe" --> c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-26 02:48:42 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2012-08-26 02:47:54 82160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2012-08-26 01:44:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-08-26 01:44:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-08-25 18:27:22 -------- d-----w- c:\program files\Frontier
    2012-08-25 18:24:35 -------- d-----w- c:\documents and settings\all users\application data\fssg
    2012-08-25 17:26:01 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-08-25 16:45:57 -------- d-----w- c:\documents and settings\all users\application data\f-secure
    2012-08-15 19:36:34 -------- d-----w- c:\documents and settings\administrator\application data\Virtual Prophecy
    .
    ==================== Find3M ====================
    .
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-06 02:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    .
    ============= FINISH: 10:23:38.22 ===============
    ******************************************************************************************************************************************


    *** The GMER ark.txt scan is taking a longggg time, so I will post that as soon as I can, but am posting these now before I lose it all to a black screen again. Ty for your patience :)

    ~Susan
     
  6. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    Here is the attach file
     
  7. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    ahhhhhhhhhhhhhhhhhhhhhhhh finally finished the GMER... whatever it is... scan.... took FOREVER !!!!!!!!!
    Here goes:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-26 16:50:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AH rev.00000096
    Running: ks9qelwz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF6D9BCC6]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF6D9BCE0]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF6D9AE7C]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF6D9B1AC]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF6D9ABBC]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF6D9B5DE]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF6D9C87C]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF6D9B42E]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF6D9AA3C]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF6D9AEB0]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF6D9B032]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF6D9A996]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF6D9AAF6]
    SSDT \??\C:\Program Files\Frontier\Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF6D9AF76]

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [3C, AA, D9, F6, B0, AE, D9, ...]
    PAGE ntoskrnl.exe!IoCreateDevice 8059EC46 5 Bytes JMP F7683010 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisRegisterProtocol F765317F 5 Bytes JMP F7682E22 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisOpenAdapter F7653399 5 Bytes JMP F76833AA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisCloseAdapter F765D642 5 Bytes JMP F7682F2E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisDeregisterProtocol F765D821 5 Bytes JMP F76831C6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisReturnPackets F7660810 5 Bytes JMP F7683C22 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisRequest F766097B 5 Bytes JMP F76835C2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSend F7663986 5 Bytes JMP F76845A2 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSendPackets F76639A3 5 Bytes JMP F7684674 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisTransferData F76639BE 5 Bytes JMP F7683D20 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoCreateVc F766A186 5 Bytes JMP F7682E8C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoDeleteVc F766B557 5 Bytes JMP F7682EFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoSendPackets F766BAF1 5 Bytes JMP F768438C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0266000C
    .text C:\WINDOWS\Explorer.EXE[228] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0266100C
    .text C:\WINDOWS\Explorer.EXE[228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0266200C
    .text C:\WINDOWS\Explorer.EXE[228] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0266300C
    .text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0266700C
    .text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0266500C
    .text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0266600C
    .text C:\WINDOWS\Explorer.EXE[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0266800C
    .text C:\WINDOWS\Explorer.EXE[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0266400C
    .text C:\WINDOWS\Explorer.EXE[228] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0266A00C
    .text C:\WINDOWS\Explorer.EXE[228] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0266900C
    .text C:\Program Files\Frontier\Security\Common\FSM32.EXE[544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0102000C
    .text C:\Program Files\Frontier\Security\Common\FSM32.EXE[544] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0102100C
    .text C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C0000C
    .text C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C0100C
    .text C:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C0200C
    .text C:\WINDOWS\system32\winlogon.exe[856] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C0300C
    .text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C0700C
    .text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C0500C
    .text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C0600C
    .text C:\WINDOWS\system32\winlogon.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C0800C
    .text C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C0400C
    .text C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C0A00C
    .text C:\WINDOWS\system32\winlogon.exe[856] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00C0900C
    .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B8000C
    .text C:\WINDOWS\system32\lsass.exe[916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B8100C
    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8200C
    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B8300C
    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B8700C
    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B8500C
    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B8600C
    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B8800C
    .text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B8400C
    .text C:\WINDOWS\system32\lsass.exe[916] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B8A00C
    .text C:\WINDOWS\system32\lsass.exe[916] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00B8900C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006C000C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006C100C
    .text C:\WINDOWS\system32\cisvc.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C200C
    .text C:\WINDOWS\system32\cisvc.exe[1036] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 006C300C
    .text C:\WINDOWS\system32\cisvc.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C400C
    .text C:\WINDOWS\system32\cisvc.exe[1036] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 006CA00C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 006C700C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 006C500C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 006C600C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006C800C
    .text C:\WINDOWS\system32\cisvc.exe[1036] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 006C900C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0240000C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0240100C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0240200C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0240300C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0240400C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0240A00C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0240900C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0240700C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0240500C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0240600C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0240800C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 026F000C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 026F100C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026F200C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 026F300C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 026F700C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 026F500C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 026F600C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 026F800C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 026F400C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] user32.dll!DdeConnect 7E4581C3 5 Bytes JMP 026FA00C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1524] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 026F900C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1900C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1596] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A1A00C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A000C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A100C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A200C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003A300C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003A700C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003A500C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003A600C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A800C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A400C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1624] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003A900C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CD000C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00CD100C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD200C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CD300C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00CD700C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00CD500C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00CD600C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CD800C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CD400C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00CDA00C
    .text C:\WINDOWS\System32\bcmwltry.exe[1636] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00CD900C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003F000C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003F100C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003F200C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003F300C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F400C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003F900C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003F700C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003F500C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003F600C
    .text C:\WINDOWS\system32\lxdncoms.exe[1808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F800C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C4000C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C4100C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C4200C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C4300C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C4400C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C4A00C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00C4900C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C4700C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C4500C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C4600C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C4800C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 2A, 00] {SUB [EAX], AL; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0095000C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0095100C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 2A, 00] {SUB [EBX], AL; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 2A, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91001A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 2A, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 2A, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91008B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9101B9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 2A, 00] {SUB [ECX], AL; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]}
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 2A, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0095200C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0095300C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0095700C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0095500C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0095600C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0095800C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0095400C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0095900C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AC000C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AC100C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91281A
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91288B
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9129B9
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 52, 00]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC200C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AC300C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AC700C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AC500C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AC600C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AC800C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC400C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00AC900C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2000C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A2100C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A2200C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A2300C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A2700C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A2500C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A2600C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A2800C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A2400C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A2A00C
    .text C:\WINDOWS\system32\tlntsvr.exe[2396] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A2900C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038000C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0038100C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0038200C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0038300C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0038400C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0038900C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0038700C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0038500C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0038600C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038800C
    .text C:\Documents and Settings\Administrator\My Documents\Downloads\ks9qelwz.exe[2432] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0038A00C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A1000C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A1100C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A1200C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A1300C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A1700C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A1500C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A1600C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A1800C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A1400C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A1900C
    .text C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2528] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A1A00C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0D58000C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0D58100C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0D58200C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0D58300C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0D58700C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0D58500C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0D58600C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0D58800C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0D58400C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0D58A00C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2568] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0D58900C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03D9000C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 03D9100C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03D9200C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 03D9300C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 03D9900C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 03D9700C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 03D9500C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 03D9600C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 03D9800C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03D9400C
    .text C:\WINDOWS\system32\wuauclt.exe[2720] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 03D9A00C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E1000C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E1100C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1200C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E1300C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E1700C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E1500C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E1600C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E1800C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E1400C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E1A00C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3088] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00E1900C
    .text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AD000C
    .text C:\WINDOWS\System32\alg.exe[3960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00AD100C
    .text C:\WINDOWS\System32\alg.exe[3960] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD200C
    .text C:\WINDOWS\System32\alg.exe[3960] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00AD300C
    .text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AD400C
    .text C:\WINDOWS\System32\alg.exe[3960] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00ADA00C
    .text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00AD700C
    .text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00AD500C
    .text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00AD600C
    .text C:\WINDOWS\System32\alg.exe[3960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD800C
    .text C:\WINDOWS\System32\alg.exe[3960] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00AD900C

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
    IAT C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2128] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00690010

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  8. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
I've tried to add pictures of what the screen looks like when black, but it won't let me add the photos. I tried a zip file as well.... no luck :( So I'm trying a link to my Facebook page so you can see them. You can see the desktop underneath the blackness and I still have full function of the laptop... just can't see anything to use it unless I shine a flashlight on it and that is making me go blind :( !!! As I stated above, I can use it if it's not on AC power, but the battery only lasts for an hour, give or take a few minutes. As soon as I plug the AC cord in, boom, the screen goes black within 10-15 seconds.

    https://www.facebook.com/media/set/?set=a.10152056613420562.892459.893150561&type=1

    Hope this works :)

    http://www.facebook.com/media/set/?set=a.10152056613420562.892459.893150561&type=1
     
  9. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    No one? Was hoping someone would see this and be able to help me out... :(
     
  10. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    Bump ! and please HELP !!!!!
     
  11. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    bumping back up...
     
  12. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    Seriously... no one??? :( It's getting worse now... goes black while on battery now too... I'm running out of time. PLEASE HELPPPPPPPPPPPPPPPPPPPPPPPPPPP PLEASE !!!
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  14. sjajdld

    sjajdld Thread Starter

    Joined:
    Jan 24, 2007
    Messages:
    148
    ComboFix 12-09-01.01 - Administrator 09/02/2012 22:52:37.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: F-Secure Anti-Virus 9.20.17320 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\100
    c:\documents and settings\All Users\Application Data\Codecv
    c:\documents and settings\All Users\Application Data\Codecv\background.html
    c:\documents and settings\All Users\Application Data\Codecv\content.js
    c:\documents and settings\All Users\Application Data\Codecv\data\content.js
    c:\documents and settings\All Users\Application Data\Codecv\data\jsondb.js
    c:\documents and settings\All Users\Application Data\Codecv\mpkhppmnhgaocboaancgaipdlcifneik.crx
    c:\documents and settings\All Users\Application Data\Codecv\settings.ini
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
    c:\program files\Shared
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\EventSystem.log
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\Tasks\wxiwwczw.job
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SRVOKO6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-03 02:32 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9157C03B-6555-454F-8E61-F751D4BEE779}\mpengine.dll
    2012-09-01 17:35 . 2012-08-23 04:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-01 17:30 . 2012-09-01 17:30 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-01 15:40 . 2012-09-01 17:07 -------- d-----w- C:\d80e6c2efb9c4c9564
    2012-08-29 17:07 . 2012-08-29 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
    2012-08-26 02:48 . 2012-08-26 02:57 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2012-08-26 02:47 . 2011-09-26 15:52 82160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2012-08-26 01:44 . 2012-08-26 01:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-08-25 18:29 . 2012-08-25 18:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
    2012-08-25 18:27 . 2012-08-25 18:27 -------- d-----w- c:\program files\Frontier
    2012-08-25 18:24 . 2012-08-25 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2012-08-25 17:26 . 2012-08-25 17:26 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-25 16:45 . 2012-08-26 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    2012-08-15 19:36 . 2012-08-15 19:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Virtual Prophecy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-06 02:07 . 2011-09-25 01:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 02:06 . 2012-07-14 16:35 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-06 02:06 . 2010-12-01 13:40 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-04 14:05 . 2007-04-12 14:07 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 01:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2005-12-19 22:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2010-02-04 04:05 107176 ----a-w- c:\program files\Lexmark 2600 Series\ezprint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    2011-09-26 15:53 201392 ----a-w- c:\program files\Frontier\Security\Common\FSM32.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    2011-09-26 15:52 1655472 ----a-w- c:\program files\Frontier\Security\FSGUI\tnbutil.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-09-09 20:33 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
    2010-02-04 04:05 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    2008-04-14 00:12 143360 ----a-w- c:\windows\system32\mobsync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "seclogon"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "Messenger"=2 (0x2)
    "McComponentHostService"=3 (0x3)
    "FSORSPClient"=3 (0x3)
    "FSMA"=2 (0x2)
    "FSDFWD"=3 (0x3)
    "F-Secure Gatekeeper Handler Starter"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\lxdncoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
    "c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= 8085:TCP:GateOKO
    "3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/25/2012 10:48 PM 44240]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/25/2012 10:47 PM 82160]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [1/14/2012 8:44 PM 94208]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Frontier\Security\Anti-Virus\minifilter\fsgk.sys [8/25/2012 10:46 PM 149672]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2010 9:53 PM 135664]
    S4 FSORSPClient;F-Secure ORSP Client;c:\program files\Frontier\Security\ORSP Client\fsorsp.exe [8/25/2012 10:47 PM 61088]
    S4 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
    .
    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 01:53]
    .
    2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963248029-2652404320-3942384350-500Core1cc902a60d0ab00.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-10 20:33]
    .
    2012-09-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    mStart Page = hxxp://search.searchonme.com/
    uInternet Settings,ProxyServer = 127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: Google Sidewiki...
    LSP: c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
    Trusted Zone: mydrivefm.com\rewards
    TCP: DhcpNameServer = 192.168.254.254
    DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxps://members.ladiesauxvfw.org/EWEBREPORTSERVER/Reserved.ReportViewerWebControl.axd?ExecutionID=idpqch45rkbyrkfgjvf2rrjo&ControlID=79beb4c6385b404d9f2d7e368b1a9fd6&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-Locked - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-klmdb.sys
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
    MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe
    MSConfigStartUp-Spotify - c:\documents and settings\Administrator\Application Data\Spotify\Spotify.exe
    AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-02 23:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,46,9b,77,1c,6d,83,42,8f,1b,06,\
    .
    [HKEY_USERS\S-1-5-21-963248029-2652404320-3942384350-500\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,36,bc,8d,8b,90,21,43,88,81,b2,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(856)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'lsass.exe'(916)
    c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
    .
    - - - - - - - > 'explorer.exe'(2456)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Frontier\Security\FSPS\program\FSLSP.DLL
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\frontier\security\scanner-interface\fsgkiapi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    c:\windows\system32\lxdncoms.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-02 23:27:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-03 03:27
    .
    Pre-Run: 1,621,151,744 bytes free
    Post-Run: 3,374,657,536 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 634D80E040BBBAABE211330C83A1D205


    thank you very much !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    You have both F-Secure Anti-virus and Microsoft Security Essentials. You need to uninstall one of them as it's not good to have two on the machine at the same time because they will conflict and cause problems.

    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"=-
    
    DDS::
    uInternet Settings,ProxyServer = 127.0.0.1:5555
     
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
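    The two items the CFScript above removes are worth understanding on their own: a browser proxy pinned to 127.0.0.1 on an odd port means some process on the laptop itself is sitting between the browser and the network (a common trick for injecting ads or stealing credentials), and an extra entry under GloballyOpenPorts is a firewall exception nobody asked for. The script below is an added example, not part of this thread or of ComboFix, that checks for exactly those two conditions without changing anything. It reads the live registry on Windows through Python's winreg module; elsewhere it runs on a constructed sample built from the values in the post. The EXPECTED_OPEN_PORTS allowlist and the sample descriptions are assumptions for illustration.

```python
"""Read-only audit of the user's proxy setting and the XP firewall's
globally-open ports. Pure functions take raw registry strings; main()
reads the live values on Windows (key paths are the XP-era ones).
"""
import sys

# Firewall exceptions an administrator expects. Assumption for this example:
# XP's file-and-printer-sharing ports. Tune per machine.
EXPECTED_OPEN_PORTS = {"139:TCP", "445:TCP", "137:UDP", "138:UDP"}


def parse_proxy_server(value):
    """Parse ProxyServer: 'host:port' or 'http=host:port;https=host:port;...'.
    Returns [(scheme, host, port_or_None), ...]."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # bare 'host:port' applies to all protocols
            scheme, hostport = "all", scheme
        if "://" in hostport:            # tolerate 'http://127.0.0.1:5555'
            hostport = hostport.split("://", 1)[1]
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        entries.append((scheme.lower(), host.lower(),
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    host = host.strip("[]")
    return host in ("localhost", "::1") or host.startswith("127.")


def audit_proxy(proxy_enable, proxy_server):
    """A loopback proxy means a local process intercepts browser traffic;
    any other proxy on a home machine is at least worth confirming."""
    findings = []
    if not proxy_server:
        return findings
    state = "enabled" if proxy_enable else "present but disabled"
    for scheme, host, port in parse_proxy_server(proxy_server):
        if is_loopback(host):
            findings.append(f"loopback proxy {scheme}={host}:{port} ({state}); "
                            "find the local process listening on that port")
        else:
            findings.append(f"proxy {scheme}={host}:{port} ({state}); confirm it is intended")
    return findings


def parse_open_port(data):
    """One GloballyOpenPorts\\List value: 'port:proto:scope:state[:name]'."""
    fields = data.split(":", 4)
    if len(fields) < 4:
        raise ValueError(f"unrecognised firewall entry: {data!r}")
    port, proto, scope, state = fields[:4]
    return {"port": int(port), "proto": proto.upper(), "scope": scope,
            "enabled": state.lower() == "enabled",
            "name": fields[4] if len(fields) == 5 else ""}


def audit_open_ports(values):
    """values: iterable of (value_name, data) pairs from the List key."""
    findings = []
    for value_name, data in values:
        e = parse_open_port(data)
        key = f"{e['port']}:{e['proto']}"
        if e["enabled"] and key not in EXPECTED_OPEN_PORTS:
            findings.append(f"firewall exception {value_name} scope={e['scope']} "
                            f"name={e['name'] or '(none)'}: not in the expected list")
    return findings


def audit_from_windows_registry():
    """Windows only: read the live values and audit them (no writes)."""
    import winreg
    inet = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    enable, server = 0, ""
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, inet) as k:
        for name in ("ProxyEnable", "ProxyServer"):
            try:
                val = winreg.QueryValueEx(k, name)[0]
            except FileNotFoundError:
                continue
            if name == "ProxyEnable":
                enable = val
            else:
                server = val
    fw = (r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
          r"\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")
    values = []
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, fw) as k:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(k, i)
                except OSError:
                    break
                values.append((name, data))
                i += 1
    except FileNotFoundError:
        pass
    return audit_proxy(enable, server) + audit_open_ports(values)


# Constructed sample mirroring the two items removed by the CFScript.
SAMPLE_PROXY = (1, "127.0.0.1:5555")
SAMPLE_PORTS = [("139:TCP", "139:TCP:*:Enabled:File and Printer Sharing"),
                ("8085:TCP", "8085:TCP:*:Enabled:Updater")]   # descriptions constructed


def audit_sample():
    return audit_proxy(*SAMPLE_PROXY) + audit_open_ports(SAMPLE_PORTS)


if __name__ == "__main__":
    hits = audit_from_windows_registry() if sys.platform == "win32" else audit_sample()
    for line in hits or ["no suspicious proxy or firewall entries"]:
        print(line)
```

    Run it before and after the CFScript: before, it should report the loopback proxy and the 8085:TCP exception; after, nothing. If the loopback proxy comes back on its own after removal, whatever is listening on that port is still running, and that process is the thing to find.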
     
Short URL to this thread: https://techguy.org/1066447