Solved Beat Windows Repair! Stuck with Random Sound, Google Redirect virus & script errors


carlsbad
Computer running XP was able to shut down Windows Repair Virus, but was left with several other problems. Now I have a Random Sound Virus, a Google Redirect Virus and Internet Explorer script errors. Malwarebytes shut down the Windows Repair Virus, but doesn't stop the others. Also tried Ad-Aware and Microsoft Security Essentials. Looks like it keeps disabling MS Essentials. HijackThis sees nothing. What can I do?
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
requested logs...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6364

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/14/2011 4:53:02 PM
mbam-log-2011-04-14 (16-53-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 204851
Time elapsed: 29 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
logs

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-14 21:18:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800AAJS-60WAA0 rev.58.01D58
Running: 3235yf8f.exe; Driver: C:\DOCUME~1\Parent\LOCALS~1\Temp\awkyykoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEEC4E9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEECA3A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEEC6EAF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEEC50EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEEC50F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEEC5101A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEEC6E4A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEEC50E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEEC50F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEEC50E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEEC50FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEEC4E9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEEC6F1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEEC6F471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEEC5129E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEC6F026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEC6EE91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEECA3B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEEC4E7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEEC4EA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEEC51412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEEC4F4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEEC50EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEEC50F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEEC51044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEEC6E805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEEC50E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEEC510D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEEC50F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEEC50E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEEC511BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEEC50FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEECA3BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEEC6ED0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEEC4F370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEEC6EB5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEECABE26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEEC6DB1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEEC4EA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEEC4EA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEEC4E812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEEC4E94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEEC6F2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEEC4E92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEEC4E972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEEC4EA7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEECB88DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2390 80501BC8 4 Bytes JMP A2850A91
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 80501C08 4 Bytes JMP ABCEEEC6
.text ntkrnlpa.exe!ZwCallbackReturn + 2460 80501C98 4 Bytes JMP 3EDF0B61
.text ntkrnlpa.exe!ZwCallbackReturn + 2520 80501D58 4 Bytes JMP F14CEEC4
.text ntkrnlpa.exe!ZwCallbackReturn + 2548 80501D80 8 Bytes CALL 8E7F0C4B
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B832 4 Bytes CALL EEC4FE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP EECB429E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP EECB5D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP EECB88E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
INITc VolSnap.sys F7689BD1 3 Bytes [69, 53, 80]
INITc VolSnap.sys F7689BF8 4 Bytes [32, 8F, 4F, 80]
INITc VolSnap.sys F7689C20 4 Bytes [B0, 9B, 4F, 80]
INITc VolSnap.sys F7689C48 4 Bytes [9C, DF, 4F, 80] {PUSHF ; FISTTP WORD [EDI-0x80]}
INITc VolSnap.sys F7689C70 4 Bytes [E6, 95, 4F, 80]
INITc ...
? c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{807DAD6B-20F4-490D-8D24-D045AC1C9AC8}\MpKsla456af21.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe[492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\winlogon.exe[976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[1020] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[1020] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003201D4
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0032015C
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320198
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\services.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\services.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003300E4
.text C:\WINDOWS\system32\services.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00330120
.text C:\WINDOWS\system32\services.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003300A8
.text C:\WINDOWS\system32\services.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00330030
.text C:\WINDOWS\system32\services.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0033006C
.text C:\WINDOWS\system32\lsass.exe[1032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[1032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[1032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[1032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[1032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[1032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[1032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[1032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003600E4
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00360120
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003600A8
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00360030
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0036006C
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003701D4
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003700E4
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370120
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0037015C
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370198
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00370030
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0037006C
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1308] ADVAPI32.dll!DeleteService
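The GMER log above lists every hook it found but leaves the grouping to the reader. As an added example (not part of the original thread and not a GMER tool), the Python script below parses the three sections of a GMER 1.0.15 log into records and summarises them the way a helper triages them: system-call (SSDT) hooks counted per owning driver, kernel inline hooks whose target GMER could not attribute to any module, and user-mode hooks per process, with the ones jumping to addresses outside any loaded module listed separately. The sample log is constructed from a few lines copied in the shape of the log above; the regexes and the triage categories are my own assumptions about the format, not GMER's documented grammar.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (a handful of lines in the shape of the GMER log posted above);
# a real run would read the whole log file instead.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEEC510D6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEECA3A68]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2390 80501BC8 4 Bytes JMP A2850A91
.text ...
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP EECB5D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{807DAD6B-20F4-490D-8D24-D045AC1C9AC8}\MpKsla456af21.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\winlogon.exe[976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 009D164F
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "SSDT <driver> (<description>) <Zw function> [0x<handler>]" or "Code <driver> (<desc>) <function>"
SYSTEM_RE = re.compile(r"^(?P<kind>SSDT|Code)\s+(?P<driver>\S+)\s+\((?P<desc>[^)]*)\)\s+"
                       r"(?P<func>\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?$")
# "<section> <module!symbol [+ off]> <address> <n> Bytes <what was written there>"
KERNEL_RE = re.compile(r"^(?P<section>\.text|PAGE|INIT\w*)\s+(?P<where>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
                       r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<len>\d+) Bytes\s+(?P<rest>.*)$")
# ".text <image path>[pid] <dll>!<export> <address> <n> Bytes <what was written there>"
USER_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
                     r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<len>\d+) Bytes\s+(?P<rest>.*)$")
# "JMP|CALL <target> [<owning module path> (<description>)]"; no owner means GMER could not
# map the target address to any loaded module (assumption about how GMER prints this)
TARGET_RE = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})"
                       r"(?:\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\))?")


def _target(rest):
    """Describe what the patched bytes do: a JMP/CALL to a target, or raw inline bytes."""
    m = TARGET_RE.match(rest)
    if m is None:
        return {"kind": "patch", "target": None, "owner": None}
    return {"kind": m["kind"], "target": m["target"].upper(), "owner": m["owner"]}


def parse_gmer(text):
    """Split a GMER log into system (SSDT), kernel-code and user-code hook records."""
    found = {"system": [], "kernel": [], "user": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.endswith("..."):          # blank lines and GMER's "..." elisions
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "System":
            m = SYSTEM_RE.match(line)
            if m:
                found["system"].append({"kind": m["kind"], "driver": m["driver"],
                                        "desc": m["desc"], "func": m["func"]})
                continue
        elif section == "Kernel code sections":
            m = KERNEL_RE.match(line)
            if m:
                found["kernel"].append({"where": m["where"], "len": int(m["len"]),
                                        **_target(m["rest"])})
                continue
        elif section == "User code sections":
            m = USER_RE.match(line)
            if m:
                proc = m["image"].rsplit("\\", 1)[-1] + "[" + m["pid"] + "]"
                found["user"].append({"process": proc, "api": m["module"] + "!" + m["func"],
                                      **_target(m["rest"])})
                continue
        found["unparsed"].append(line)                 # never drop a line silently
    return found


def triage(text):
    """Summarise a GMER log the way a reviewer reads it: who owns each hook, and which
    hooks point into memory that GMER could not attribute to any module."""
    found = parse_gmer(text)
    by_process = defaultdict(list)
    for h in found["user"]:
        by_process[h["process"]].append(h["api"])
    return {
        "system_hooks_by_driver": Counter(h["driver"] for h in found["system"]),
        "unattributed_kernel": [h["where"] for h in found["kernel"]
                                if h["kind"] != "patch" and h["owner"] is None],
        "hooks_by_process": dict(by_process),
        "api_hook_count": Counter(h["api"] for h in found["user"] if h["kind"] != "patch"),
        "unattributed_user": [(h["process"], h["api"], h["target"]) for h in found["user"]
                              if h["kind"] != "patch" and h["owner"] is None],
        "inline_patches": [(h["process"], h["api"]) for h in found["user"] if h["kind"] == "patch"],
        "unparsed": found["unparsed"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it on the full log, read the file and pass its contents to triage(). An unattributed target is a question, not a verdict: the avast drivers are named on their kernel hooks, while the user-mode jumps to low addresses such as 00090030 land in memory that no loaded module backs, and only a process module listing or a memory dump can say who placed them. Lines the parser does not understand are kept in the unparsed bucket (here, the "? ... MpKsla456af21.sys" line) so a reviewer still sees them.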
 
log continued

77E374B1 5 Bytes JMP 003700A8
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\WINDOWS\Explorer.EXE[1816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 009D164F
.text C:\WINDOWS\Explorer.EXE[1816] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 009D1817
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2164] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[2340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[2384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\wuauclt.exe[2468] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\wuauclt.exe[2468] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\wuauclt.exe[2468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wuauclt.exe[2468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\wuauclt.exe[2468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\wuauclt.exe[2468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\wuauclt.exe[2468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\wuauclt.exe[2468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[2692] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2692] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\System32\alg.exe[3468] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[3468] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\alg.exe[3468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1020] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00650002
IAT C:\WINDOWS\system32\services.exe[1020] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00650000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:128] 84CFCE84
Thread System [4:132] 84CFF084

---- EOF - GMER 1.0.15 ----
 
log

.
==== Installed Programs ======================
.
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92PP Soft Modem
ALT Access
Apple Software Update
Arthur's 1st Grade
Arthur's Camping Adventure
Arthur's Kindergarten
Arthur's Math Games
Arthur's Reading Games
Arthur's Reading Race
Arthur's Thinking Games
ATI Display Driver
avast! Free Antivirus
Bots of Fun - 10 Great Robots Games!
BufferChm
CustomerResearchQFolder
D4200
D4200_Help
DeviceDiscovery
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Dora's World Adventure
Dora Backpack
eSupportQFolder
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Instant Wireless Compact USB Adapter Configuration Utility
J2SE Runtime Environment 5.0 Update 12
Java 2 Runtime Environment, SE v1.4.2_07
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Julie Saves the Eagles (remove only)
JumpStart Advanced Kindergarten
Local Website Archive 3.1.1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSN Toolbar
MSN Toolbar Platform
MyDSC2
Norton Security Scan
PanoStandAlone
PSSWCORE
QuickTime
Rainbow Fish
Reader Rabbit Personalized 2nd Grade
RealPlayer
Realtek High Definition Audio Driver
Scooby-Doo(TM), Jinx At The Sphinx(TM)
Scooby-Doo(TM), Phantom of the Knight(TM)
Scooby-Doo(TM), Showdown in Ghost Town(TM)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Slot Car Racing
SolutionCenter
Status
Toolbox
Toy Story 2 Activity Center
TrayApp
Unity Web Player
UnloadSupport
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 x86 Runtime Setup Package
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Mail
Windows Live OneCare safety scanner
Windows XP Service Pack 3
.
==== End Of File ===========================
 
log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Parent at 21:26:13.90 on Thu 04/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Parent\My Documents\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179847293578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
LSA: Notification Packages = :\WINDOW scecli
.
============= SERVICES / DRIVERS ===============
.
R? gupdate;Google Update Service (gupdate)
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? MfeRKDK;McAfee Inc. MfeRKDK
R? MpKsl0880951c;MpKsl0880951c
R? MpKsl220bf6b1;MpKsl220bf6b1
R? MpKsl410b4a1e;MpKsl410b4a1e
R? MpKsl4ad2c2ce;MpKsl4ad2c2ce
R? MpKsl60c5c3e1;MpKsl60c5c3e1
R? MpKsl8efd0456;MpKsl8efd0456
R? MpKsld1cd1d70;MpKsld1cd1d70
R? WUSB12;Instant Wireless Compact USB Adapter Driver
R? ZULNDSHL;ZULNDSHL
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? Lbd;Lbd
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsla456af21;MpKsla456af21
S? MpKsle4db42a4;MpKsle4db42a4
.
=============== Created Last 30 ================
.
2011-04-14 23:18:16 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{207f9b5b-0264-4697-9f6a-0ca78606f33a}\MpKsle4db42a4.sys
2011-04-14 23:17:51 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{207f9b5b-0264-4697-9f6a-0ca78606f33a}\mpengine.dll
2011-04-14 18:52:50 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-14 16:51:24 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-14 16:50:38 40648 ----a-w- c:\windows\avastSS.scr
2011-04-14 16:50:18 -------- d-----w- c:\program files\AVAST Software
2011-04-14 16:50:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-12 21:15:31 388096 ----a-r- c:\docume~1\parent\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-04 11:17:25 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-04 04:06:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-04 04:06:42 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-04 04:00:07 -------- d-----w- c:\docume~1\parent\locals~1\applic~1\Sunbelt Software
2011-04-04 03:44:38 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-04 03:42:39 -------- d-----w- c:\program files\Lavasoft
2011-04-03 22:10:54 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-03 22:04:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-03 03:13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 03:13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 03:05:16 -------- d-----w- c:\documents and settings\all users\Uniblue
2011-04-02 22:03:52 -------- d--h--w- c:\docume~1\parent\locals~1\applic~1\PackageAware
2011-04-01 16:18:12 4224 ---ha-w- c:\windows\system32\beep.sys
2011-04-01 01:30:43 -------- d--h--w- C:\ca7a77c2a8b4afc14cc4c4
2011-04-01 01:19:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-31 23:34:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-21 18:49:54 -------- d--h--w- c:\docume~1\parent\applic~1\Unity
2011-03-21 18:39:31 -------- d--h--w- c:\docume~1\parent\locals~1\applic~1\Unity
2011-03-21 18:32:49 1409 ---ha-w- c:\windows\QTFont.for
2011-03-21 18:32:04 -------- d--h--w- c:\program files\Blaster
2011-03-18 17:17:48 -------- d--h--w- c:\program files\Infogrames Interactive
.
==================== Find3M ====================
.
2011-01-23 20:15:47 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2011-01-23 20:15:46 472808 ---ha-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 21:27:31.28 ===============
 
I can see two AV programs installed, Avast and Microsoft Security Essentials.
One of them has to go.
Your choice.

=================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.**
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.**



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
more logs

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 120):

Processes (total 32):
0 System Idle Process
4 System
892 C:\WINDOWS\system32\smss.exe
948 csrss.exe
976 C:\WINDOWS\system32\winlogon.exe
1020 C:\WINDOWS\system32\services.exe
1032 C:\WINDOWS\system32\lsass.exe
1200 C:\WINDOWS\system32\ati2evxx.exe
1224 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1348 C:\WINDOWS\system32\svchost.exe
1484 svchost.exe
1580 svchost.exe
1872 C:\WINDOWS\system32\ati2evxx.exe
2000 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
256 C:\WINDOWS\explorer.exe
684 C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
772 C:\Program Files\AVAST Software\Avast\AvastUI.exe
796 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
328 C:\WINDOWS\system32\spoolsv.exe
1164 svchost.exe
1656 C:\WINDOWS\system32\svchost.exe
1780 C:\Program Files\Java\jre6\bin\jqs.exe
2124 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2400 C:\WINDOWS\system32\svchost.exe
2516 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2828 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3368 alg.exe
3736 C:\WINDOWS\system32\wuauclt.exe
1588 C:\Program Files\Internet Explorer\iexplore.exe
2660 C:\Program Files\Internet Explorer\iexplore.exe
1036 C:\Documents and Settings\Parent\My Documents\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800AAJS-60WAA0, Rev: 58.01D58

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
more logs

ComboFix 11-04-14.03 - Parent 04/15/2011 12:14:26.1.1 - x86
Running from: c:\documents and settings\Parent\My Documents\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Parent\Start Menu\Programs\Windows Repair
c:\documents and settings\Parent\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
c:\documents and settings\Parent\Start Menu\Programs\Windows Repair\Windows Repair.lnk
c:\documents and settings\Parent\WINDOWS
c:\hijackthis\HIJACKTHIS.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-14 18:52 . 2011-04-14 19:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-14 16:51 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 16:51 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-14 16:51 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-14 16:51 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-14 16:51 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-14 16:51 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-14 16:51 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-14 16:51 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-14 16:50 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-14 16:50 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-14 16:50 . 2011-04-14 16:50 -------- d-----w- c:\program files\AVAST Software
2011-04-14 16:50 . 2011-04-14 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-12 21:15 . 2011-04-12 21:15 388096 ----a-r- c:\documents and settings\Parent\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-04 11:17 . 2011-04-07 07:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-04 04:06 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-04 04:06 . 2011-04-04 04:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-04 04:00 . 2011-04-04 04:00 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\Sunbelt Software
2011-04-04 03:44 . 2011-04-04 03:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-04 03:42 . 2011-04-04 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-04 03:42 . 2011-04-04 03:42 -------- d-----w- c:\program files\Lavasoft
2011-04-03 03:13 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 03:13 . 2011-04-03 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 03:05 . 2011-04-03 03:05 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-04-02 22:03 . 2011-04-02 22:03 -------- d--h--w- c:\documents and settings\Parent\Local Settings\Application Data\PackageAware
2011-04-01 16:37 . 2011-04-04 16:49 -------- d--h--w- c:\program files\Windows Live Safety Center
2011-04-01 16:18 . 2002-12-31 12:00 4224 ---ha-w- c:\windows\system32\beep.sys
2011-04-01 01:30 . 2011-04-01 01:31 -------- d--h--w- C:\ca7a77c2a8b4afc14cc4c4
2011-04-01 01:19 . 2011-04-01 01:19 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-31 23:34 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-21 18:49 . 2011-03-21 18:49 -------- d--h--w- c:\documents and settings\Parent\Application Data\Unity
2011-03-21 18:39 . 2011-03-21 18:39 -------- d--h--w- c:\documents and settings\Parent\Local Settings\Application Data\Unity
2011-03-21 18:32 . 2011-03-21 18:32 1409 ---ha-w- c:\windows\QTFont.for
2011-03-21 18:32 . 2011-03-21 18:32 -------- d--h--w- c:\program files\Blaster
2011-03-18 17:17 . 2011-03-18 17:17 -------- d--h--w- c:\program files\Infogrames Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 20:15 . 2008-08-30 15:09 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2011-01-23 20:15 . 2011-01-23 20:16 472808 ---ha-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-25 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
3;2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R1 MpKsl0880951c;MpKsl0880951c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCF2D3AA-02E6-4C66-A278-535556FCAB15}\MpKsl0880951c.sys [x]
R1 MpKsl220bf6b1;MpKsl220bf6b1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12E0912F-7805-4375-9D63-66459C119050}\MpKsl220bf6b1.sys [x]
R1 MpKsl410b4a1e;MpKsl410b4a1e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12E0912F-7805-4375-9D63-66459C119050}\MpKsl410b4a1e.sys [x]
R1 MpKsl4ad2c2ce;MpKsl4ad2c2ce;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B11DBB3-7A29-4226-9ACF-0AA015CCE8D3}\MpKsl4ad2c2ce.sys [x]
R1 MpKsl60c5c3e1;MpKsl60c5c3e1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCF2D3AA-02E6-4C66-A278-535556FCAB15}\MpKsl60c5c3e1.sys [x]
R1 MpKsl8efd0456;MpKsl8efd0456;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E652C3C9-B2F7-499E-853B-071F3CEAFE66}\MpKsl8efd0456.sys [x]
R1 MpKsla456af21;MpKsla456af21;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{807DAD6B-20F4-490D-8D24-D045AC1C9AC8}\MpKsla456af21.sys [x]
R1 MpKsld1cd1d70;MpKsld1cd1d70;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12E0912F-7805-4375-9D63-66459C119050}\MpKsld1cd1d70.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-01 15232]
R4 ZULNDSHL;ZULNDSHL;c:\docume~1\Parent\LOCALS~1\Temp\ZULNDSHL.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-01 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\DRIVERS\LSWLUSB.sys [2002-06-07 54083]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 13:34]
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:45]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:45]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322712386-359561344-2389969595-1003Core.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-19 20:45]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322712386-359561344-2389969595-1003UA.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-19 20:45]
.
2011-04-14 c:\windows\Tasks\Norton Security Scan for Parent.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-30 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Scooby-Doo(TM), Jinx At The Sphinx(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)
AddRemove-Scooby-Doo(TM), Phantom of the Knight(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)
AddRemove-Scooby-Doo(TM), Showdown in Ghost Town(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 12:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-15 12:40:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 16:40
.
Pre-Run: 62,721,605,632 bytes free
Post-Run: 62,667,304,960 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6B121613F47997232D0963455983E512
 
I can see two AV programs installed, Microsoft Security Essentials and Avast.
One of them has to go.
Your choice.

====================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\docume~1\Parent\LOCALS~1\Temp\ZULNDSHL.exe

Driver::
ZULNDSHL


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
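As an added example (not from this thread and not ComboFix's own tooling), a small Python triage script that reads service lines in the shape ComboFix prints them, flags images loaded from a Temp directory or with no file date/size behind them, and writes out the same File::/Driver:: CFScript block the helper used above. The sample lines are constructed from this thread's log; the heuristics and the ServiceEntry layout are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the layout of ComboFix's Drivers/Services section.
# The lines are copied from the log in this thread; the malformed "3;2 ..." one
# is included on purpose to show it being skipped.
SAMPLE_SERVICES = [
    r"R1 MpKsl0880951c;MpKsl0880951c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCF2D3AA-02E6-4C66-A278-535556FCAB15}\MpKsl0880951c.sys [x]",
    r"R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]",
    r"R4 ZULNDSHL;ZULNDSHL;c:\docume~1\Parent\LOCALS~1\Temp\ZULNDSHL.exe [x]",
    r"S1 aswSnx;aswSnx; [x]",
    r"S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\DRIVERS\LSWLUSB.sys [2002-06-07 54083]",
    r"3;2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]",
]

# Layout assumed here: <R|S><start type> <name>;<display name>;<image path> [<date size> | x]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped
    start_type: str   # Windows service start type digit
    name: str         # service/driver key name, i.e. what a Driver:: directive takes
    display: str
    path: str         # image path; empty when ComboFix printed none
    file_info: str    # "YYYY-MM-DD size", or "x" when no date/size was recorded


def parse_services(lines: List[str]) -> List[ServiceEntry]:
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # anything not in the expected layout is skipped, not guessed at
            entries.append(ServiceEntry(*m.groups()))
    return entries


TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


def is_temp_path(path: str) -> bool:
    # Component-wise, case-insensitive check. 8.3 short names such as LOCALS~1
    # need no expansion because the "Temp" component itself is not shortened.
    return any(part.lower() in TEMP_DIRS for part in path.split("\\"))


def triage(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, List[str]]]:
    # A service whose image sits in a user's Temp folder is the strong signal
    # (that is how ZULNDSHL stood out). "[x]" alone is only a prompt to look:
    # leftover MSE definition-update drivers and avast's self-protected drivers
    # show it too, so those stay a human decision.
    flagged = []
    for e in entries:
        reasons = []
        if e.path and is_temp_path(e.path):
            reasons.append("image loaded from a Temp directory")
        if e.file_info == "x":
            reasons.append("no file date/size recorded ([x])")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_cfscript(entries: List[ServiceEntry]) -> str:
    # Same File:: / Driver:: layout as the CFScript in this thread. Only
    # Temp-resident images are written out; [x]-only hits are never auto-added.
    targets = [e for e in entries if e.path and is_temp_path(e.path)]
    if not targets:
        return ""
    files = "\n".join(e.path for e in targets)
    drivers = "\n".join(e.name for e in targets)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_SERVICES)
    for entry, reasons in triage(parsed):
        print(f"{entry.name:16} {entry.path or '<no path>'}")
        for r in reasons:
            print(f"{'':16} - {r}")
    print(build_cfscript(parsed), end="")
```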
 
New Combofix log...You are awesome!

ComboFix 11-04-14.03 - Parent 04/15/2011 16:04:14.2.1 - x86
Running from: C:\Documents and Settings\Parent\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Parent\Desktop\CFScript.txt

FILE ::
"c:\docume~1\Parent\LOCALS~1\Temp\ZULNDSHL.exe"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\AutoRun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZULNDSHL
-------\Service_ZULNDSHL
 
What do I do?

I don't see any other info on the log. There is a Combofix.txt and a Combofix2.txt. I posted all the info on Combofix.txt.
 
I am getting an error message. It reads:
NirCmd.cfxxe - Unable to Locate Compound
This application has failed to start because ScrRun.dll was not found. Re-installing the application may fix this problem.
I clicked okay and the program appears to be running. Creating a restore point.

I'll post log when it is finished. Thank you.
 
The program seemed to run, then the same error message popped up three times. It said "unable to locate Component", not Compound. This time it came up while the program was Preparing Log Report.
 