win 32 reveton ink


rem_2007 (Thread Starter) - Joined: Nov 21, 2007 - Messages: 63
Hello again, friends. I got a virus that keeps appearing on my desktop, similar to a web page, like a police warning asking for money.
I tried to scan the computer with Kaspersky, Avast and a specific BD removal tool for Trojan Ransom IcePol, and no luck.
The virus also deactivated my wireless connection, and now I have connected my laptop to the internet through a Vodafone stick in order to contact you.
Please help me, what should I do? :(
Thank you very much.
(Microsoft Security Essentials said that the trojan is Win32 Reveton ink.)
OS = Microsoft Windows XP Professional 2002, Service Pack 3

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:01 PM, on 12/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alma\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Alma\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [Facebook Update] "C:\Documents and Settings\Alma\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1287577797984
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11980 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Alma at 17:22:24 on 2012-12-29
.
============== Running Processes ================
.
C:\Program Files\Atheros\ACU.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Facebook Update] "c:\documents and settings\alma\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287577797984
TCP: NameServer = 81.12.128.206 81.12.132.206
TCP: Interfaces\{F8370354-2DFF-455D-BBF7-E2F29B234C27} : DHCPNameServer = 81.12.128.206 81.12.132.206
Notify: crypt32chain - crypt32.dll
Notify: cryptnet - cryptnet.dll
Notify: cscdll - cscdll.dll
Notify: dimsntfy - c:\windows\system32\dimsntfy.dll
Notify: igfxcui - igfxdev.dll
Notify: ScCertProp - wlnotify.dll
Notify: Schedule - wlnotify.dll
Notify: sclgntfy - sclgntfy.dll
Notify: SensLogn - WlNotify.dll
Notify: termsrv - wlnotify.dll
Notify: WgaLogon - WgaLogon.dll
Notify: wlballoon - wlnotify.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alma\application data\mozilla\firefox\profiles\46bdjjcf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - plugin: c:\documents and settings\alma\application data\mozilla\firefox\profiles\46bdjjcf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\alma\local settings\application data\facebook\messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-29 16:43; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\alma\application data\mozilla\firefox\profiles\46bdjjcf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-12-29 14:43:31 -------- d-----w- c:\documents and settings\alma\application data\QuickScan
2012-12-29 07:31:57 -------- d--h--w- C:\VritualRoot
2012-12-29 07:31:30 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6ae9302-b038-472b-a4c6-d9dccd9e3372}\offreg.dll
2012-12-29 07:30:58 428096 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-12-29 07:26:27 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-12-29 07:26:22 -------- d-----w- c:\program files\COMODO
2012-12-29 07:26:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-29 07:26:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-12-29 07:15:23 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2012-12-29 07:14:38 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6ae9302-b038-472b-a4c6-d9dccd9e3372}\mpengine.dll
2012-12-28 19:14:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-27 08:04:05 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-24 13:55:36 -------- d-----w- c:\documents and settings\alma\local settings\application data\Facebook
2012-12-20 22:56:33 -------- d-----w- c:\documents and settings\alma\local settings\application data\Apple Computer
2012-12-20 22:56:11 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-20 22:55:12 -------- d-----w- c:\program files\iPod
2012-12-20 22:55:02 -------- d-----w- c:\program files\iTunes
2012-12-20 22:55:02 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-20 22:54:36 -------- d-----w- c:\documents and settings\alma\local settings\application data\Apple
2012-12-20 22:53:41 -------- d-----w- c:\program files\Bonjour
2012-12-16 13:34:06 -------- d-----w- c:\program files\SopCast
2012-12-05 20:52:59 15840 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-12-05 20:15:29 -------- d-----w- c:\documents and settings\alma\local settings\application data\adawarebp
2012-12-05 19:37:16 -------- d-----w- c:\documents and settings\alma\local settings\application data\adaware
2012-12-05 19:32:53 -------- d-----w- c:\documents and settings\alma\application data\adawaretb
2012-12-05 19:32:48 -------- d-----w- c:\program files\adawaretb
2012-12-05 19:31:52 -------- d-----w- c:\documents and settings\alma\application data\Ad-Aware Antivirus
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 18:45:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 18:45:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 17:24:21.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.62
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arcade Classic Pack 5.10
Atheros Client Installation Program
Bonjour
COMODO GeekBuddy
COMODO Internet Security
Compatibility Pack for the 2007 Office system
DivX Setup
EasyCleaner
Facebook Messenger 2.1.4651.0
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
HP Quick Launch Buttons
HP Wireless Assistant
IDT Audio
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 9
Java Auto Updater
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
QLBCASL
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek USB 2.0 Card Reader
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SopCast 3.5.0
Synaptics Pointing Device Driver
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB958752)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.7
Vodafone Mobile Connect Lite
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-29 18:44:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.HP07
Running: 2v08j6i6.exe; Driver: C:\DOCUME~1\Alma\LOCALS~1\Temp\ufldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xA78088B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xA7807E48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xA7808518]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xA7809126]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreatePort [0xA7807D28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xA780B1E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xA780B568]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xA7807714]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xA7808A9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xA7808C9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xA780751A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xA7809864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xA7809ABA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xA780ABF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xA7808110]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xA78086F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xA7809116]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xA7807148]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xA78083B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xA780734C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xA7809CC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xA780A11C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xA7809EDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xA780967C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRequestWaitReplyPort [0xA780A68C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSecureConnectPort [0xA780A940]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xA7808EEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xA780AEE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xA78093F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xA780807A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xA78082A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xA7807B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xA7807918]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F9C 80504894 4 Bytes CALL 98F7C947
? System32\DRIVERS\cmderd.sys The system cannot find the path specified. !
? System32\DRIVERS\cmdguard.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003CCE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D5680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003CCF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D26F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D3280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003D1220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003D1B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003DDF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003DE410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 003DE1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program[1780] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0061DD20 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00635CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [236] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [236] 0x044E0000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [252] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [380] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [452] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Java\jre7\bin\jqs.exe [556] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe [572] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [668] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ c:\program files\idt\wdm\STacSV.exe [708] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\acs.exe [812] 0x003B0000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [840] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1136] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [1412] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1460] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1504] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1516] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1692] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1700] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1740] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00400000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program [1780] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x01410000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x01460000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02360000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x023C0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x01F60000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02570000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x025D0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02650000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02FC0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03040000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03080000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x030E0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03150000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03190000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x031D0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03210000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03480000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03500000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x035D0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03620000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03680000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03790000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x70A40000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x64980000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1852] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1872] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2100] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2336] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxtray.exe [2348] 0x00370000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [2388] 0x00370000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxpers.exe [2396] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2696] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\IDT\WDM\sttray.exe [3008] 0x00380000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [3016] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3024] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Atheros\ACU.exe [3144] 0x009E0000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [3184] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [3332] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [3492] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\DivX\DivX Update\DivXUpdate.exe [3504] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\msseces.exe [3572] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Java\Java Update\jusched.exe [3588] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3624] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3748] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3980] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [3988] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe [4000] 0x10000000

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_END_USER_v14713.cav 133419008 bytes

---- EOF - GMER 1.0.15 ----
 

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
I dare to bring my problem to your attention. Thank you and happy new year!
 
Joined
May 7, 2011
Messages
14,142
Hi rem_2007, please run the following scans and post the logs.

You have two Anti Virus programs which need to be dealt with. Ad-Aware is no longer recommended, so you will need to uninstall it after we have cleaned the infection from the system. More than one Anti Virus can cause conflicts, reduce system performance and reduce the system's security level, even if only one is active.

SCAN 1
1. Download Malwarebytes Anti-Rootkit from this link mbar
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder that the contents were unzipped to in order to run mbar.exe



4. Double-click on the mbar.exe file. You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run, and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers, you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer has rebooted and you log in, MBAR will automatically start and you will be at the start screen. (If there is no rootkit warning, you will go from step 4 to step 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the Update completes, select Next



9. In the following window, ensure the "Targets" are ticked, then select "Scan".



10. If any infections are found, the "Cleanup" button to remove threats will be available. The infected files will be listed as in the following example:



11. Do not select the "Clean up" button; select the "Exit" button instead. There will be a warning as follows:



12. Select "Yes" to close down the program. If NO infections were found, you will see the following image:



13. Select "Exit" to close down.
14. Copy and paste the following two logs from the mbar folder:

System - log
Mbar - log (the date and time of the scan will also be shown)




=======================================================================

SCAN 2
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Put a check mark in all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
Hello and thank you! Here are the results:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.02.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alma :: COMPAQ [administrator]

1/2/2013 8:55:32 PM
mbar-log-2013-01-02 (20-55-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27083
Time elapsed: 20 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.662000 GHz
Memory total: 2074976256, free: 1276502016

------------ Kernel report ------------
01/02/2013 20:33:40
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AESTAud.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\ewusbmdm.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\ewusbnet.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xffffffff87265900
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xffffffff86f64490
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a56b868
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a55c028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.02.07
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a56b868, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a55fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a56b868, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a55c028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffe2d81b20, 0xffffffff8a56b868, 0xffffffff86d37040
Lower DeviceData: 0xffffffffe35d7d88, 0xffffffff8a55c028, 0xffffffff878ca040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 92398F54

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 134223012
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 134223075 Numsec = 178353630

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff87265900, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ef2020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87265900, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f64490, DeviceName: \Device\0000009a\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\All Users\Application Data\Lavasoft\AntiMalware\context-menu-settings.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Lavasoft\AntiMalware\WSCConfig.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\guid.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Adobe\AIR\eulaAccepted" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Vodafone\Log\L20120422-165733-2328-VmbService.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Vodafone\Log\L20120422-170240-2372-VmbService.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\application-settings.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\definitions-date.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\gaming-mode.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\language.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\protection-status.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\update-parameters.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\DDMSettings\settings.ddi" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\google%2Eimages.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\google%2Emaps.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\U%5Fs94057670%2Eonlinehome%2Eus%5F8N139WOUD2F2D9ZG2ZE2%2Exml.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\U%5Ftoolbar%2Egoogle%2Ecom%5FCHW6HL2ILDOMNY4CTR3Q%2Exml.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Office\MSO1046.acl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Office\MSO1048.acl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Office\Word12.pip" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Proof\CUSTOM.DIC" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Stellarium\data\user_locations.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\vlc\ml.xspf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\rp_rules.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\rp_stats.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\ODBC.INI" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\_delis43.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\DtcInstall.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\cmsetacl.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Infected: C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad --> [Exploit.Drop.GSA]
Done!
Scan finished
=======================================


Farbar Service Scanner Version: 23-12-2012
Ran by Alma (administrator) on 02-01-2013 at 20:57:51
Running from "C:\Documents and Settings\Alma\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0900000005000000010000000200000003000000040000000A00000007000000080000000C000000
IpSec Tag value is correct.

**** End of log ****

PS. I apologize for telling you that the virus blocked my wireless connection; I think I turned it off myself by mistake. Today I connected through wireless.
 
Joined
May 7, 2011
Messages
14,142
We have a few things to deal with. First, do another scan with Mbar and, when you see the Clean Up button as shown above at instruction 10, select it to remove the threats. Post the logs when done.

Please tell me, when that is complete, whether the initial problem has gone. We will then need to run some repairs to fix some missing registry keys.
 

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
Dear Mark,

I did the "clean up" with Mbar, restarted the computer, did another shut down/restart, and the virus has not appeared. I think it is gone.
Here are the logs:

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.02.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alma :: COMPAQ [administrator]

1/3/2013 10:06:47 AM
mbar-log-2013-01-03 (10-06-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27106
Time elapsed: 20 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.662000 GHz
Memory total: 2074976256, free: 1276502016

------------ Kernel report ------------
01/02/2013 20:33:40
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AESTAud.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\ewusbmdm.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\ewusbnet.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xffffffff87265900
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009a\
Lower Device Object: 0xffffffff86f64490
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a56b868
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a55c028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.02.07
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a56b868, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a55fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a56b868, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a55c028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffe2d81b20, 0xffffffff8a56b868, 0xffffffff86d37040
Lower DeviceData: 0xffffffffe35d7d88, 0xffffffff8a55c028, 0xffffffff878ca040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 92398F54

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 134223012
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 134223075 Numsec = 178353630

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff87265900, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ef2020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87265900, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f64490, DeviceName: \Device\0000009a\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Google\firefox-toolbar.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Yahoo\Y!Msgr\merlin.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Infected: C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad --> [Exploit.Drop.GSA]
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.662000 GHz
Memory total: 2074976256, free: 1170939904

------------ Kernel report ------------
01/03/2013 09:45:24
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AESTAud.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\ewusbmdm.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\ewusbnet.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a56b868
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a55c028
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff878ca040
Downloaded database version: v2013.01.02.08
Downloaded database version: v2013.01.02.09
Downloaded database version: v2013.01.02.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a56b868, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a55fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a56b868, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a55c028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffe2d5f650, 0xffffffff8a56b868, 0xffffffff86d37040
Lower DeviceData: 0xffffffffe19352a0, 0xffffffff8a55c028, 0xffffffff878ca040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 92398F54

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 134223012
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 134223075 Numsec = 178353630

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\All Users\Application Data\Lavasoft\AntiMalware\context-menu-settings.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Lavasoft\AntiMalware\WSCConfig.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\guid.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Adobe\AIR\eulaAccepted" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Vodafone\Log\L20120422-165733-2328-VmbService.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\Vodafone\Log\L20120422-170240-2372-VmbService.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\application-settings.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\definitions-date.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\gaming-mode.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\language.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\protection-status.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Ad-Aware Antivirus\update-parameters.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\DDMSettings\settings.ddi" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\google%2Eimages.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\google%2Emaps.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\U%5Fs94057670%2Eonlinehome%2Eus%5F8N139WOUD2F2D9ZG2ZE2%2Exml.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Google\Local Search History\U%5Ftoolbar%2Egoogle%2Ecom%5FCHW6HL2ILDOMNY4CTR3Q%2Exml.w" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Office\MSO1046.acl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Office\MSO1048.acl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Office\Word12.pip" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Proof\CUSTOM.DIC" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\Stellarium\data\user_locations.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Application Data\vlc\ml.xspf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\rp_rules.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\rp_stats.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\ODBC.INI" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\_delis43.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\DtcInstall.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\cmsetacl.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Debug\blastcln.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\muweb.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Google\firefox-toolbar.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Google\firefox-toolbar.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Alma\Local Settings\Application Data\Yahoo\Y!Msgr\merlin.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Infected: C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad --> [Exploit.Drop.GSA]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
 
Joined
May 7, 2011
Messages
14,142
Please now run this and post the log, then run FSS again which you used earlier and post the new log from it.


  • Click on this link Services Repair and save it to your desktop.
  • Close your browser and double click on the Services Repair icon on your desktop.
  • Accept any confirmation pop ups that may appear to allow the tool to run.
  • A box will pop up showing it has completed; if asked whether you want to reboot, select yes.
  • After the reboot you will see a new folder created on the desktop called CCSupport. Double click on it, then double click on Logs and then double click on SvcRepair.
  • You will see a log open up. Copy the entire log and paste it into your next reply.
  • Then run FSS again with all the boxes checked and post the log.
 
Joined
May 7, 2011
Messages
14,142
Double click on the attachment and save it to your desktop. Extract the contents of the zip file and then double click on the .reg file, accept all the prompts to allow it to run.

Please then reboot the PC and run the Farbar Service Scanner you used earlier and post the new log.
 

Attachments

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
Hi, here are the logs:
Log Opened: 2013-01-03 @ 22:55:19
22:55:19 - -----------------
22:55:19 - | Begin Logging |
22:55:19 - -----------------
22:55:19 - Fix started on a WIN_XP X86 computer
22:55:19 - Prep in progress. Please Wait.
22:55:23 - Prep complete
22:55:23 - Repairing Services Now. Please wait...

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
22:55:26 - Services Repair Complete.
22:55:45 - Reboot Initiated

Farbar Service Scanner Version: 23-12-2012
Ran by Alma (administrator) on 03-01-2013 at 23:02:03
Running from "C:\Documents and Settings\Alma\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0900000005000000010000000200000003000000040000000A00000007000000080000000C000000
IpSec Tag value is correct.

**** End of log ****


The last log after running winmgmt:

Farbar Service Scanner Version: 23-12-2012
Ran by Alma (administrator) on 03-01-2013 at 23:12:23
Running from "C:\Documents and Settings\Alma\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0900000005000000010000000200000003000000040000000A00000007000000080000000C000000
IpSec Tag value is correct.

**** End of log ****
 
Joined
May 7, 2011
Messages
14,142
That's weird, I edited post 7 to read as post 8 does, as I realized just after posting it that the Services Repair did not repair the missing key; no harm done though.

There is another related key to replace, do the same again with the attachment, reboot and do another scan with FSS and post the log.
 

Attachments

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
Hi Mark, no problem; weird things are happening to me all the time.
Here is the last scan:
Farbar Service Scanner Version: 23-12-2012
Ran by Alma (administrator) on 04-01-2013 at 08:40:03
Running from "C:\Documents and Settings\Alma\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0900000005000000010000000200000003000000040000000A00000007000000080000000C000000
IpSec Tag value is correct.

**** End of log ****
 
Joined
May 7, 2011
Messages
14,142
The services are now repaired, but not running.

Download this and save it to the desktop: Windows Repair

Close your browser and any running programs, double click on the Tweaking icon to run the tool. When the program opens click on the Step 4 tab. Under System Restore click on Create and wait for the confirmation to appear just below the button.

When complete click on the tab Start Repairs, click on the Start button. Then click on Unselect All and tick the boxes next to the following items only.

Set Windows Services To Default Startup

When done click on the Start button and leave it undisturbed until complete.

Once done, reboot the system and run FSS again and post the new log.
 

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
Hi, better to ask you:
I went to the link you sent me and I downloaded: tweaking.com_windows_repair_aio_setup
This program wants an installation and I am having trouble finding the Step 4 tab.
Should I install first?
Thank you.
 
Joined
May 7, 2011
Messages
14,142
Not quite sure where you have a problem with this; when you run the program you should see a welcome message, a row of tabs 1 to 4 and Startup Repair.
 

rem_2007

Thread Starter
Joined
Nov 21, 2007
Messages
63
OK now, I installed it and I have the tabs.
Here is the log:
Farbar Service Scanner Version: 23-12-2012
Ran by Alma (administrator) on 04-01-2013 at 12:33:24
Running from "C:\Documents and Settings\Alma\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0900000005000000010000000200000003000000040000000A00000007000000080000000C000000
IpSec Tag value is correct.

**** End of log ****
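The FSS logs in this thread are read by eye: a service is flagged when its registry key is missing ("ATTENTION!=====>"), when it is configured correctly but not running, or when a policy value such as "EnableFirewall"=DWORD:0 switches the firewall off. The script below is an added example (it is not from the thread, nor part of Farbar Service Scanner) that parses those line shapes and turns them into triage findings, so the same check can be run over a saved log instead of reading it by hand. The sample log it works on is constructed from the line formats posted above; the "MD5 is not legit" line and the result for qmgr.dll are invented to exercise the file-check branch and are an assumption about how FSS reports a mismatch.

```python
"""Triage a Farbar Service Scanner (FSS) log for service and firewall problems.

Added example, not part of the thread or of FSS itself. It only understands the
line shapes seen in the logs above (service not running, ATTENTION lines,
EnableFirewall policy, File Check MD5 lines).
"""
import re
from dataclasses import dataclass, field

# Constructed sample log, modelled on the thread's logs (sharedaccess not
# running, winmgmt key missing, firewall disabled by policy). The
# "MD5 is not legit" line is an assumed format, added to exercise that branch.
SAMPLE_LOG = """\
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking LEGACY_winmgmt: ATTENTION!=====> Unable to open LEGACY_winmgmt\\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\\WINDOWS\\system32\\wscsvc.dll => MD5 is legit
C:\\WINDOWS\\system32\\qmgr.dll => MD5 is not legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"^Checking (.+?): ATTENTION!=+> (.*)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=DWORD:0$')
MD5_LINE = re.compile(r"^(.+?) => MD5 is (legit|not legit)$")


@dataclass
class Findings:
    not_running: list = field(default_factory=list)       # services reported as stopped
    missing_keys: dict = field(default_factory=dict)      # service -> checks that hit ATTENTION
    firewall_policy_disabled: bool = False                # EnableFirewall=0 seen
    bad_md5: list = field(default_factory=list)           # files whose hash did not verify


def triage_fss(text):
    """Walk the log once and collect the findings a helper would act on."""
    f = Findings()
    current = None  # service whose configuration block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            current = m.group(1)
            if current not in f.not_running:   # FSS lists winmgmt under two sections
                f.not_running.append(current)
            continue
        m = ATTENTION.match(line)
        if m and current:
            checks = f.missing_keys.setdefault(current, [])
            if m.group(1) not in checks:
                checks.append(m.group(1))
            continue
        if FIREWALL_OFF.match(line):
            f.firewall_policy_disabled = True
            continue
        m = MD5_LINE.match(line)
        if m and m.group(2) == "not legit":
            f.bad_md5.append(m.group(1))
    return f


def summarize(f):
    """Turn findings into defender-facing triage lines, most serious first."""
    out = []
    for svc, checks in f.missing_keys.items():
        out.append(f"{svc}: registry key missing ({', '.join(checks)}); "
                   "the service must be re-created before it can start")
    if f.firewall_policy_disabled:
        out.append("Windows Firewall disabled by policy (EnableFirewall=0 under StandardProfile)")
    for svc in f.not_running:
        if svc not in f.missing_keys:
            out.append(f"{svc}: configuration OK but service not running; start it and check why it stopped")
    for path in f.bad_md5:
        out.append(f"{path}: MD5 does not match a known-good file; treat as replaced or patched")
    return out


if __name__ == "__main__":
    for line in summarize(triage_fss(SAMPLE_LOG)):
        print(line)
```

Run it against the constructed sample and it separates the two cases the helper distinguished above: winmgmt, whose key was absent and had to be restored from an .sddl attachment before anything else could work, versus sharedaccess and wscsvc, whose configuration checks pass and which only need to be started. The firewall policy finding is reported on its own, since a zero EnableFirewall value survives a service repair and needs a separate fix.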
 