1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unable to access facebook.com after backdoor virus removal

Discussion in 'Virus & Other Malware Removal' started by faathihz, Aug 27, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. faathihz

    faathihz Thread Starter

    Joined:
    Aug 27, 2011
    Messages:
    5
    Hi

    I cant access facebook.com from any browser (internet explorer, chrome or firefox) after i managed to clean a backdoor virus my laptop caught from what seemed like a virus from facebook. I accidentally ran a flashplayer.exe file which was required to view the facebook video. I used spyware doctor and kaspersky to clean the virus and have managed to use my laptop normally but i cant access facebook.com,

    I tried to scan my laptop for more viruses but both programs say that i dun have any.

    Please help!!!

    Thanks
     
  2. faathihz

    faathihz Thread Starter

    Joined:
    Aug 27, 2011
    Messages:
    5
    just thought anyone who wants to help might need this info.

    this is what i got after i run command :

    Ping facebook.com

    Pinging facebook.com [127.0.0.1] with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms


    NOTEPAD c:\Windows\system32\drivers\etc\HOSTS.

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    follow advice here and post the logs those programs make
     
  4. faathihz

    faathihz Thread Starter

    Joined:
    Aug 27, 2011
    Messages:
    5
    sorry about that. please see below.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:33:35 AM, on 8/30/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ChgService.exe
    C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
    C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261241121123
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
    O23 - Service: ddservice - Unknown owner - C:\WINDOWS\update.7.1\svchostdriver.exe (file missing)
    O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
    O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Jookz Toolbar Helper - Unknown owner - C:\Program Files\Jookz Toolbar\tbsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
    O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe (file missing)
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Security\TFEngine\TFService.exe
    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    O23 - Service: Zwangie Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Zwangie\zwangie159.exe (file missing)

    --
    End of file - 12691 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by user at 0:58:40 on 2011-08-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.361 [GMT 5:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\system32\ChgService.exe
    C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
    C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {4C350B19-6CA1-4569-B14C-296D8D6535B2} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [tray_ico]
    mRun: [tray_ico3]
    mRun: [tray_ico4]
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261241121123
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 202.1.192.196 202.1.201.201
    TCP: Interfaces\{961790E2-32EB-4B0A-99CE-89582CA05182} : DhcpNameServer = 192.168.2.1 192.168.1.1 202.1.192.196 202.1.201.201
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dh0zp2zd.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-8-25 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-8-25 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-8-25 656320]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-8-25 51984]
    R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-8-25 69392]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-8-26 475736]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-8-25 253096]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-8-25 233976]
    R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-6-27 135168]
    R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-7-1 306296]
    R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-7-1 162936]
    R2 FwcAgent;Firewall Client Agent;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-7-20 90112]
    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-20 27632]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-28 11520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
    S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
    S2 Jookz Toolbar Helper;Jookz Toolbar Helper;c:\program files\jookz toolbar\tbsvc.exe --> c:\program files\jookz toolbar\tbsvc.exe [?]
    S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
    S2 Zwangie Service;Zwangie Service;"c:\documents and settings\all users\application data\zwangie\zwangie159.exe" "c:\program files\zwangie\zwangie.dll" bputqxbwqq --> c:\documents and settings\all users\application data\zwangie\zwangie159.exe [?]
    S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-6-27 103424]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-20 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-3 14336]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-8-25 70664]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-8-25 371472]
    S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-8-25 1117144]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-8-25 33552]
    S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-29 19:54:48 150200 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
    2011-08-26 16:04:11 -------- d-----w- c:\program files\Microsoft Firewall Client 2004
    2011-08-26 12:12:21 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-08-26 12:12:20 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-08-26 11:47:49 -------- d-----w- c:\program files\Kaspersky Lab
    2011-08-26 11:47:49 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
    2011-08-26 11:30:05 -------- d--h--w- C:\kleaner.tmp
    2011-08-25 16:40:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2011-08-25 16:28:28 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2011-08-25 16:28:28 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2011-08-25 16:28:28 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2011-08-25 16:23:27 -------- d--h--w- c:\windows\update.8.1
    2011-08-25 15:39:07 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-08-25 15:39:07 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-08-25 15:39:06 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-08-25 15:38:51 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-08-25 15:38:50 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-08-25 15:38:45 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-08-25 15:38:31 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-08-25 15:38:08 -------- d-----w- c:\program files\PC Tools Security
    2011-08-25 15:38:08 -------- d-----w- c:\program files\common files\PC Tools
    2011-08-25 15:36:37 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-08-25 12:06:18 -------- d--h--w- c:\windows\update.tray-0-0-lnk
    2011-08-25 12:06:18 -------- d--h--w- c:\windows\update.tray-0-0
    2011-08-25 11:32:20 -------- d-----w- c:\program files\common files\SYMANT~1
    2011-08-25 00:18:08 -------- d--h--w- c:\windows\update.tray-12-0-lnk
    2011-08-25 00:18:08 -------- d--h--w- c:\windows\update.tray-12-0
    2011-08-24 23:52:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-08-24 23:51:06 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-08-24 22:58:21 -------- d-----w- c:\documents and settings\user\application data\Sammsoft
    2011-08-24 20:56:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-08-24 20:56:41 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-24 20:37:22 16342528 ----a-w- c:\windows\SETAF.tmp
    2011-08-21 14:17:35 -------- d-----w- c:\windows\av_ico
    2011-08-21 12:43:18 -------- d--h--w- c:\windows\update.7.1
    2011-08-21 12:41:50 246272 ----a-w- c:\windows\unrar.exe
    2011-08-21 12:37:10 -------- d--h--w- c:\windows\update.tray-10-0-lnk
    2011-08-21 12:37:10 -------- d--h--w- c:\windows\update.tray-10-0
    2011-08-21 11:03:47 -------- d-----w- c:\documents and settings\user\local settings\application data\Help
    2011-08-11 03:22:43 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 03:21:48 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    ==================== Find3M ====================
    .
    2011-08-20 19:38:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 1:02:25.76 ===============






    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/3/2008 1:38:29 PM
    System Uptime: 8/30/2011 12:52:53 AM (1 hours ago)
    .
    Motherboard: NEC | | VERSA E6300
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | U2E1 | 1994/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 39 GiB total, 13.063 GiB free.
    D: is FIXED (NTFS) - 68 GiB total, 49.788 GiB free.
    E: is CDROM ()
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP585: 8/22/2011 7:22:30 PM - System Checkpoint
    RP586: 8/24/2011 6:16:38 PM - System Checkpoint
    RP587: 8/25/2011 1:46:32 AM - Restore Operation
    RP588: 8/25/2011 1:50:07 AM - Restore Operation
    RP589: 8/25/2011 2:01:26 AM - Software Distribution Service 3.0
    RP590: 8/25/2011 3:57:56 AM - ARO 2011 - Before Installation
    RP591: 8/25/2011 3:58:55 AM - ARO 2011 - FIRST RUN
    RP592: 8/25/2011 4:08:31 AM - ARO 2011 Thu, Aug 25, 11 04:08
    RP593: 8/25/2011 4:31:09 AM - ARO 2011 - Before Optimize
    RP594: 8/25/2011 5:06:45 AM - Installed AVG 2011
    RP595: 8/25/2011 5:08:46 AM - Installed AVG 2011
    RP596: 8/25/2011 8:53:13 AM - Installed AVG 2011
    RP597: 8/25/2011 9:16:08 AM - Removed AVG 2011
    RP598: 8/25/2011 4:31:25 PM - Removed Symantec AntiVirus
    RP599: 8/25/2011 4:55:36 PM - Installed Kaspersky Anti-Virus 2011.
    RP600: 8/25/2011 8:46:46 PM - Removed Kaspersky Anti-Virus 2011.
    RP601: 8/25/2011 9:27:27 PM - Removed Kaspersky Anti-Virus 2011.
    RP602: 8/25/2011 10:11:32 PM - Removed Kaspersky Anti-Virus 2011.
    RP603: 8/26/2011 1:09:34 AM - Removed Skype™ 5.5
    RP604: 8/26/2011 3:50:23 PM - Removed Kaspersky Anti-Virus 2011.
    RP605: 8/26/2011 4:15:33 PM - Removed Kaspersky Anti-Virus 2011.
    RP606: 8/26/2011 4:46:16 PM - Installed Kaspersky Anti-Virus 2011.
    RP607: 8/26/2011 9:04:06 PM - Installed Microsoft Firewall Client
    RP608: 8/28/2011 6:13:48 AM - System Checkpoint
    RP609: 8/29/2011 6:22:07 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS4
    Adobe Reader X (10.1.0)
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Agere Systems HDA Modem
    Ahead Nero Burning ROM
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avanquest update
    AVG 2011
    BitTorrent
    CAS Lite for NEC
    Click to Call with Skype
    Content Transfer
    Convert DOC to PDF For Word 3.50
    Convert Image To PDF
    Dhiraagu Mobile Broadband USB Modem version 5.014
    DivX Setup
    Emma Core
    Google Chrome
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Kaspersky Anti-Virus 2011
    Marvell Miniport Driver
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Firewall Client
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 6.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    NVIDIA Drivers
    NWZ-W250 WALKMAN Guide
    PDF Settings
    Photoshop Camera Raw
    PowerDVD
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SEMC OMSI Module
    Skype™ 5.5
    Sony Ericsson PC Suite 6.012.00
    Spelling Dictionaries Support For Adobe Reader 8
    Spyware Doctor
    Synaptics Pointing Device Driver
    Unity Web Player
    UnRAR for Windows
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.4
    WD SmartWare
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 15.0
    WinZip Self-Extractor
    xpot
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/26/2011 5:09:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.
    8/26/2011 4:27:28 PM, error: Service Control Manager [7000] - The KLIF service failed to start due to the following error: The system cannot find the file specified.
    8/26/2011 12:23:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/26/2011 12:10:30 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
    8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    8/26/2011 12:09:52 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/26/2011 1:46:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/26/2011 1:37:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm PCTSD SBRE TfFsMon TFSysMon
    8/25/2011 9:00:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SBRE SYMTDI Tcpip
    8/25/2011 8:35:28 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The wxpdrivers service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The WDDMService service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The srviecheck service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Sony Ericsson OMSI download service service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Emma Update Management service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Emma Device Management service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The ddservice service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Change Modem Device Service service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 8:32:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    8/25/2011 5:13:01 PM, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the path specified.
    8/25/2011 5:05:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE Tcpip
    8/25/2011 4:49:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SBRE
    8/25/2011 4:32:08 PM, error: DCOM [10000] - Unable to start a DCOM Server: {DBA28A20-5CE1-4E8D-AD35-418B62269E54}. The error: "%3" Happened while starting this command: C:\PROGRA~1\COMMON~1\SYMANT~1\ccPwdSvc.exe -Embedding
    8/25/2011 2:40:31 AM, error: Service Control Manager [7000] - The srvsysdriver32 service failed to start due to the following error: The system cannot find the file specified.
    8/25/2011 2:30:51 AM, error: Service Control Manager [7034] - The srvsysdriver32 service terminated unexpectedly. It has done this 1 time(s).
    8/25/2011 1:48:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl SAVRT SAVRTPEL SBRE
    8/25/2011 1:48:45 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/25/2011 1:48:45 AM, error: Service Control Manager [7000] - The Jookz Toolbar Helper service failed to start due to the following error: The system cannot find the file specified.
    8/25/2011 1:45:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/25/2011 1:45:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SBRE SYMTDI Tcpip
    8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/25/2011 1:45:12 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/25/2011 1:44:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/24/2011 9:00:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    .
    ==== End Of File ===========================





    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-30 08:55:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e FUJITSU_MHW2120BH rev.00000012
    Running: 7ozgxd0z.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kxliifog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAA127558]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAA127E5C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAA128C90]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAA1291DA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAA128138]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF6E84C30]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAA1290C0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAA127146]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAA128F94]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF6F9B0CC]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF6F9B394]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAA1272EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAA1292FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAA127AE4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAA12902A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAA12A9E2]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF6E84E90]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF6E84F50]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAA1285BA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAA12BBEE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAA126ED2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAA126F6A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAA1283C8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAA12AAD4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAA1263A4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAA1263B6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAA12B23C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAA127096]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAA129270]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAA127EDE]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF6E84AD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAA129150]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAA127794]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAA12AFD6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAA129390]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAA127686]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAA127002]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA126C3A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAA12B576]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAA126864]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAA12AE68]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF6FC2BC6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAA125DDE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAA1296F4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAA1295BA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA12A77C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAA126156]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAA12BA90]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAA125D76]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAA1289D6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAA127D00]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAA12A01C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAA12AC72]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAA12B6C6]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF6E85150]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAA12B7B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAA12B8F2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAA12A906]
    SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF6E87300]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAA127890]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAA12B41A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAA127A1A]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [94, 8F, 12, AA, CC, B0, F9, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 8 Bytes CALL 92D404CF
    .text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [D4, AA, 12, AA, A4, 63, 12, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 252 804E4AAC 8 Bytes CALL 92DF9BA7
    .text ntoskrnl.exe!ZwYieldExecution + 2F7 804E4B51 7 Bytes [70, 12, AA, 3A, 6C, 12, AA] {JO 0x14; STOSB ; CMP CH, [EDX+EDX-0x56]}
    .text ...
    .text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP AA11A3C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP AA119FE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    ? C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1068] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1804] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2388] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3224] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3464] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

    Device \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    Device \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    Device \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    Device \Driver\Tcpip \Device\IPMULTICAST pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001dd9f6d365 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001dd9f6d57d (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f6d365 (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f6d365
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f6d57d

    ---- EOF - GMER 1.0.15 ----
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    nothing showing wrong there, except that facebook is listed as being on your local machine & not the internetfor DNS to look it up
    normally that is done by the hosts file but that all looks clear


    Is it possible that someone has set Kaspersky parental controls to block facebook
     
  6. faathihz

    faathihz Thread Starter

    Joined:
    Aug 27, 2011
    Messages:
    5
    unlikely.. i'm the only one using this laptop and i installed kaspersky about a week ago only.

    what do think i should do??
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    lets reset hosts to default just in case but as DDS isn't showing any hosts divert, iyt is unlikely to be responsible

    use the Microsoft fixit tool on http://support.microsoft.com/kb/972034 to reset hosts to default
    then

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  8. faathihz

    faathihz Thread Starter

    Joined:
    Aug 27, 2011
    Messages:
    5
    IT WORKED... I WORKED :D:D.. thank u soo much dude

    just to be sure am free of all malware i'm posting the log file too.. but thanks man.. YOU ROCK!!!


    ComboFix 11-08-31.02 - user 08/31/2011 18:41:14.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT 5:00]
    Running from: c:\documents and settings\user\Desktop\username123.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\hpeDBA.dll
    c:\windows\w_distrib_iplist.txt
    c:\windows\winlog-dirs.txt
    c:\windows\winlog-ids.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DDSERVICE
    -------\Legacy_SRVIECHECK
    -------\Service_ddservice
    -------\Service_srviecheck
    -------\Legacy_Jookz_Toolbar_Helper
    -------\Legacy_Zwangie_Service
    -------\Service_Jookz Toolbar Helper
    -------\Service_Zwangie Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-26 16:04 . 2011-08-26 16:04 -------- d-----w- c:\program files\Microsoft Firewall Client 2004
    2011-08-26 12:12 . 2011-08-26 13:36 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-08-26 12:12 . 2011-08-26 13:36 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-08-26 11:47 . 2011-08-31 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2011-08-26 11:47 . 2011-08-26 11:47 -------- d-----w- c:\program files\Kaspersky Lab
    2011-08-26 11:30 . 2011-08-26 11:30 -------- d-----w- C:\kleaner.tmp
    2011-08-25 16:40 . 2011-08-26 15:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2011-08-25 16:28 . 2011-01-20 08:27 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2011-08-25 12:06 . 2011-08-26 07:23 -------- d--h--w- c:\windows\update.tray-0-0-lnk
    2011-08-25 12:06 . 2011-08-25 16:10 -------- d--h--w- c:\windows\update.tray-0-0
    2011-08-25 11:32 . 2011-08-25 11:32 -------- d-----w- c:\program files\Common Files\SYMANT~1
    2011-08-25 00:18 . 2011-08-26 18:50 -------- d--h--w- c:\windows\update.tray-12-0-lnk
    2011-08-25 00:18 . 2011-08-25 16:10 -------- d--h--w- c:\windows\update.tray-12-0
    2011-08-24 23:52 . 2011-08-24 23:52 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-08-24 23:51 . 2011-08-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-08-24 22:58 . 2011-08-25 16:15 -------- d-----w- c:\documents and settings\user\Application Data\Sammsoft
    2011-08-24 20:56 . 2011-08-24 20:56 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-08-24 20:37 . 2011-08-24 20:37 16342528 ----a-w- c:\windows\SETAF.tmp
    2011-08-24 20:32 . 2011-08-24 20:52 -------- d-s---w- c:\documents and settings\Administrator
    2011-08-21 14:17 . 2011-08-25 12:12 -------- d-----w- c:\windows\av_ico
    2011-08-21 12:43 . 2011-08-25 16:40 -------- d--h--w- c:\windows\update.7.1
    2011-08-21 12:41 . 2011-08-25 16:20 246272 ----a-w- c:\windows\unrar.exe
    2011-08-21 12:37 . 2011-08-26 18:50 -------- d--h--w- c:\windows\update.tray-10-0-lnk
    2011-08-21 12:37 . 2011-08-25 16:10 -------- d--h--w- c:\windows\update.tray-10-0
    2011-08-21 11:03 . 2011-08-21 11:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
    2011-08-11 03:22 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 03:21 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-20 19:38 . 2011-06-10 04:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-03 15:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2008-01-03 08:30 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2004-08-03 16:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 18:36 . 2004-08-03 16:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2004-08-03 16:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 12:05 . 2004-08-03 14:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2004-08-03 16:56 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-12 05:57 . 2011-08-26 20:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2010-08-28 40960]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2011-08-26 352976]
    .
    c:\documents and settings\user\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableSecureUIAPaths"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "2865827.exe"="c:\windows\TEMP\2865827.exe"
    "wxpdrv"=c:\windows\services32.exe
    "vptray"=c:\progra~1\SYMANT~1\\vptray.exe
    "tray_ico4"=
    "tray_ico3"=
    "tray_ico2"=
    "tray_ico1"=
    "tray_ico0"=c:\windows\update.tray-10-0\svchost.exe
    "tray_ico"=
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
    "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "SoundMan"=SOUNDMAN.EXE
    "SkyTel"=SkyTel.EXE
    "Rtlupd"=c:\program files\Realtek\InstallShield\RtlUpd.exe -u -s -fi
    "RTHDCPL"=RTHDCPL.EXE
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Persistence"=c:\windows\system32\igfxpers.exe
    "nwiz"=nwiz.exe /install
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NeroCheck"=c:\windows\system32\NeroCheck.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "IgfxTray"=c:\windows\system32\igfxtray.exe
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "ContentTransferWMDetector.exe"=c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
    "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    "AlcWzrd"=ALCWZRD.EXE
    "Alcmtr"=ALCMTR.EXE
    "AGRSMMSG"=AGRSMMSG.exe
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "DisableThumbnailCache"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Real\\realplayer\\realplay.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/25/2011 8:38 PM 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [8/25/2011 8:39 PM 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [8/25/2011 8:39 PM 656320]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/25/2011 9:28 PM 51984]
    R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/25/2011 9:28 PM 69392]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/25/2011 8:39 PM 253096]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [8/25/2011 8:38 PM 233976]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [7/20/2010 11:28 PM 27632]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/28/2011 12:12 AM 11520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [6/27/2010 1:09 AM 103424]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7/20/2010 11:42 PM 13224]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/25/2011 8:38 PM 70664]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/25/2011 9:28 PM 33552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:34]
    .
    2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 08:48]
    .
    2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 08:48]
    .
    2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1417001333-725345543-1003Core.job
    - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:15]
    .
    2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1417001333-725345543-1003UA.job
    - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 14:15]
    .
    2011-08-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1417001333-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 05:47]
    .
    2011-08-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1417001333-725345543-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 05:47]
    .
    2011-08-31 c:\windows\Tasks\User_Feed_Synchronization-{3BFE773E-1E44-4180-8309-E0B0F72926AA}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
    .
    2011-08-31 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-12-22 14:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 202.1.192.196 202.1.201.201
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\dh0zp2zd.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
    BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
    Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
    WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - c:\program files\Softonic-Eng7\tbSoft.dll
    HKLM-Run-tray_ico - (no file)
    HKLM-Run-tray_ico3 - (no file)
    HKLM-Run-tray_ico4 - (no file)
    HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
    Notify-NavLogon - (no file)
    AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
    AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-31 20:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1390067357-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
    "{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
    "{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
    "{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
    "AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
    "{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
    "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
    "{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\&#8364;&#8211;&#8364;|ÿÿÿÿÀ&#8226;&#8364;|ù&#8226;A~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1420)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - - - - > 'explorer.exe'(328)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\ChgService.exe
    c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
    c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
    c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    c:\program files\PC Tools Security\pctsAuxs.exe
    c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-31 20:24:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-31 15:24
    .
    Pre-Run: 18,608,365,568 bytes free
    Post-Run: 18,602,381,312 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
    .
    - - End Of File - - F4B7B2E27F4ACBA9B636FD537EC4C52E
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,852
    looks like a bit more to do and some files & folders, I want to look at

    Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    at the end it will pop up an alert & open your browser and ask you to send the zip file

    please follow those instructions. We need to see the zip file before we can carry on with the fix

    If there is no pop up alert or open browser then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     

    Attached Files:

  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1014735