Google redirects, Firefox Crashing, Google Chrome issues

Post by Doug_Tilley » May 30th, 2010, 4:37 pm

For the past week using Google in Firefox has led to constant redirects to various advertising sites, and the browser crashes after consistent use. As well, when opening Google Chrome it isn't able to reach its start page, and the browser as a whole isn't able to access any web pages. I also had a hard time actually posting this message, as I was continually given a connection error.

I've run Spybot, Malwarebytes and Ad-Aware scans that have removed a number of different objects, but the issue remains.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:29 PM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7980754953
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Themes ThemesERSvc (ThemesERSvc) - Unknown owner - C:\WINDOWS\system32\2052s.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 8623 bytes

Uninstall log:

µTorrent
802.11 USB Wireless LAN Adapter
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe After Effects 7.0
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer 1.1
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Premiere Pro
Adobe Reader 6.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Audacity 1.2.6
AVG Free 9.0
BackStreet Browser 3.1
Beyond TV DVD Burning Foundation
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDisplay 1.8
CloneDVD 4.2.5.0
Combined Community Codec Pack 2008-01-24
Creative DVD Audio Plugin for Audigy Series
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
D-Fend Reloaded 0.8.2 (deinstall)
DFX for Winamp
Digital Clock Screen Saver
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EmoDio
Final Draft 7
Fox Video Capture 7.0.0.283
Foxit PDF Editor
Foxit Reader
FoxyTunes for Firefox
GIMP 2.4.5
Glary Utilities Pro 2.18.0.786
GNU Aspell 0.50-3
GOM Player
Google Earth
Google Update Helper
Google Updater
GTK+ Runtime 2.12.8 rev a (remove only)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
HPIZ350
InFlac 1.1.1
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD 7
iTunes
iuVCS Deluxe
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Joost (tm) Beta 1.1.4
Junk Mail filter update
KBD
KeyHoleTV
K-Lite Codec Pack 3.8.0 Basic
Last.fm 1.5.4.24567
Lexmark Software Uninstall
ljArchive
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MemoriesOnTV 4.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MobileMe Control Panel
Mojo
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
MyFreeCodec
NSIS nutsie_uploader
NVIDIA Display Driver
NVIDIA Drivers
OpenOffice.org 2.4
Panda ActiveScan 2.0
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 2
Project64 1.6
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Real Alternative 1.7.5
RecordNow!
River Past Animated GIF Booster Pack
River Past Video Cleaner Pro
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SimpleDivX
Skype™ 4.1
SnapStream Firefly Mini 1.0.2
Songbird 1.4.3 (Build 1438)
Sonic Update Manager
SoulSeek Client 156c
SpamSubtract
Spybot - Search & Destroy
SUPER © Version 2009.bld.36 (June 10, 2009)
Switch Uninstall
System Requirements Lab
TMPGEnc Authoring Works 4
Toolkit View(HP)
Total Video Converter 3.11 070908
TVUPlayer 2.3.7.1
Ultra Video Splitter 5.4.0822
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 0.9.4
WampServer 2.0
Winamp
WinAVI Video Converter
WinAVI Video Converter 9.0
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Zip Motion Block Video codec (Remove Only)
Doug_Tilley
Active Member
 
Posts: 12
Joined: May 30th, 2010, 4:16 pm
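The HijackThis log above is the raw material the helpers on this forum work from, and the lines they look at first are the ones that name a start point whose binary is gone ("(file missing)"), a service with no publisher ("Unknown owner"), a Winsock LSP entry, or a Winlogon Notify DLL. The following script is an added example for this thread, not HijackThis code or anything from the forum's toolkit: it parses the `Oxx - ...` line format and applies exactly those four triage checks. The sample lines are copied from the log in the post above; the function names `parse_hjt` and `triage` and the `Entry` class are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of HijackThis 2.0.4 lines taken from the
# log posted in this thread (Windows paths, so a raw string).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Themes ThemesERSvc (ThemesERSvc) - Unknown owner - C:\WINDOWS\system32\2052s.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
"""

# Every HijackThis entry line is "<section code> - <detail>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Short descriptions of the section codes used in this example (hypothetical table).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O10": "Winsock Layered Service Provider",
    "O20": "Winlogon Notify DLL",
    "O23": "Windows service",
}


@dataclass
class Entry:
    section: str
    detail: str


def parse_hjt(text):
    """Return the Oxx entries of a HijackThis log, skipping the process list and headers."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Apply the four first-look checks a helper applies to an HJT log.

    Returns (section, reasons, detail) tuples for entries worth a closer look.
    Nothing here decides an entry is malicious; it only orders the review.
    """
    findings = []
    for e in entries:
        reasons = []
        if "(file missing)" in e.detail:
            # A registered start point whose binary is gone: a leftover, or a
            # component that hides itself from the scanner.
            reasons.append("file missing")
        if e.section == "O23" and "Unknown owner" in e.detail:
            # Service binary carries no publisher information.
            reasons.append("service with unknown owner")
        if e.section == "O10":
            # LSPs sit in the network stack of every Winsock application.
            reasons.append("Winsock LSP entry")
        if e.section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon.
            reasons.append("Winlogon Notify DLL")
        if reasons:
            findings.append((e.section, "; ".join(reasons), e.detail))
    return findings


def report(text):
    """Human-readable triage report for one log; returns the lines it would print."""
    lines = []
    for section, reasons, detail in triage(parse_hjt(text)):
        lines.append(f"[{section}] {SECTIONS.get(section, 'other')}: {reasons}\n    {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample, the AVG service and the HP and uTorrent Run entries pass through untouched, while the LSP line, the missing `avgrsstx.dll` Notify entry, the `ThemesERSvc` service (both unknown owner and missing file) and the `wampmysqld` service are listed for review. That ordering matches what the helper does by hand: the flagged lines get researched, the rest are left alone.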

Re: Google redirects, Firefox Crashing, Google Chrome issues

Post by Cypher » May 31st, 2010, 2:47 pm

Hi and welcome to Malware Removal Forums.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    uTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Next.

Please post the last Malwarebytes' Anti-Malware scan log where anything was removed.
Launch Malwarebytes' Anti-Malware and click on Logs; they are time and date stamped.


Next.

Please post a new Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Logs/Information to Post in your Next Reply

  • Malwarebytes' Anti-Malware log.
  • Uninstall list.
  • CKFiles.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google redirects, Firefox Crashing, Google Chrome issues

Post by Doug_Tilley » May 31st, 2010, 6:49 pm

Removed uTorrent.

Here's the last Malwarebytes scan where something was removed. There has been one scan since then which found nothing.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4144

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/26/2010 10:13:48 AM
mbam-log-2010-05-26 (10-13-48).txt

Scan type: Quick scan
Objects scanned: 200057
Time elapsed: 50 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Uninstall List:

802.11 USB Wireless LAN Adapter
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe After Effects 7.0
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer 1.1
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Premiere Pro
Adobe Reader 6.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Audacity 1.2.6
AVG Free 9.0
BackStreet Browser 3.1
Beyond TV DVD Burning Foundation
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDisplay 1.8
CloneDVD 4.2.5.0
Combined Community Codec Pack 2008-01-24
Creative DVD Audio Plugin for Audigy Series
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
D-Fend Reloaded 0.8.2 (deinstall)
DFX for Winamp
Digital Clock Screen Saver
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EmoDio
Final Draft 7
Fox Video Capture 7.0.0.283
Foxit PDF Editor
Foxit Reader
FoxyTunes for Firefox
GIMP 2.4.5
Glary Utilities Pro 2.18.0.786
GNU Aspell 0.50-3
GOM Player
Google Earth
Google Update Helper
Google Updater
GTK+ Runtime 2.12.8 rev a (remove only)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
HPIZ350
InFlac 1.1.1
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD 7
iTunes
iuVCS Deluxe
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Joost (tm) Beta 1.1.4
Junk Mail filter update
KBD
KeyHoleTV
K-Lite Codec Pack 3.8.0 Basic
Last.fm 1.5.4.24567
Lexmark Software Uninstall
ljArchive
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MemoriesOnTV 4.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MobileMe Control Panel
Mojo
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
MyFreeCodec
NSIS nutsie_uploader
NVIDIA Display Driver
NVIDIA Drivers
OpenOffice.org 2.4
Panda ActiveScan 2.0
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 2
Project64 1.6
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Real Alternative 1.7.5
RecordNow!
River Past Animated GIF Booster Pack
River Past Video Cleaner Pro
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SimpleDivX
Skype™ 4.1
SnapStream Firefly Mini 1.0.2
Songbird 1.4.3 (Build 1438)
Sonic Update Manager
SoulSeek Client 156c
SpamSubtract
Spybot - Search & Destroy
SUPER © Version 2009.bld.36 (June 10, 2009)
SUPERAntiSpyware
Switch Uninstall
System Requirements Lab
TMPGEnc Authoring Works 4
Toolkit View(HP)
Total Video Converter 3.11 070908
TVUPlayer 2.3.7.1
Ultra Video Splitter 5.4.0822
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 0.9.4
WampServer 2.0
Winamp
WinAVI Video Converter
WinAVI Video Converter 9.0
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Zip Motion Block Video codec (Remove Only)


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\start menu\programs\comicrack\comicrack.lnk
c:\documents and settings\all users\start menu\programs\comicrack\release notes.lnk
c:\documents and settings\all users\start menu\programs\comicrack\version history.lnk
c:\documents and settings\all users\start menu\programs\comicrack\website.lnk
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\mojo presents stoned\08 crackin' up.m4a
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.FN.11
----- EOF -----

Firefox has still been crashing, Google Redirects have been occurring today, and Chrome continues to hang on startup.
Doug_Tilley
Active Member
 
Posts: 12
Joined: May 30th, 2010, 4:16 pm

Re: Google redirects, Firefox Crashing, Google Chrome issues

Post by Cypher » June 1st, 2010, 5:34 am

Hi Doug.
Please continue with the instructions below.

Add/Remove programs
  • Click on start
  • Then Run
  • In the Open text box, copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Spybot - Search & Destroy

Spybot - Search & Destroy

Note: "If asked whether you want to remove all settings, answer YES"
(This will remove the immunization and Teatimer settings.)

Now please reboot your system.



Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, two log files will be produced.
  • The first one, "log.txt", will be maximized.
  • The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • Gmer.txt log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
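The uninstall list above keeps Java(TM) 6 Update 16 and removes the three older runtimes that are still registered beside it. Superseded JREs stay on disk and keep their known vulnerabilities, so the usual rule is: keep the newest, remove the rest. The script below is an added example (it is not Cypher's tool or anything from this site) that applies that rule to an Add/Remove Programs listing. The sample listing is constructed from entries posted in this thread; the two name patterns it recognises ("Java 2 Runtime Environment, SE v1.4.2_03" and "Java(TM) 6 Update 16") and the mapping of "6 Update 16" onto JRE 1.6.0_16 are assumptions about how Sun named those installers at the time.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few Add/Remove Programs entries copied from the
# listing posted in this thread, one name per line.
SAMPLE_PROGRAMS = """
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Mozilla Firefox (3.6.3)
Spybot - Search & Destroy
"""

# Old-style name: "Java 2 Runtime Environment, SE v1.4.2_03" -> 1.4.2_03
LEGACY_RE = re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$")
# Marketing-style name: "Java(TM) 6 Update 16" -> JRE 1.6.0_16 (assumed mapping)
MODERN_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")

Version = Tuple[int, int, int, int]


def java_version(entry: str) -> Optional[Version]:
    """Map a JRE entry name to a comparable (major, minor, micro, update) tuple.

    Returns None for entries that are not a Java runtime.
    """
    m = LEGACY_RE.match(entry)
    if m:
        return tuple(int(x) for x in m.groups())  # type: ignore[return-value]
    m = MODERN_RE.match(entry)
    if m:
        # "Java(TM) 6 Update 16" is the product name of JRE 1.6.0_16, so
        # major is always 1 and micro is always 0 for this pattern.
        return (1, int(m.group(1)), 0, int(m.group(2)))
    return None


def superseded_runtimes(listing: str) -> Tuple[Optional[str], List[str]]:
    """Return (entry to keep, entries to uninstall) for the JREs in a listing.

    The newest runtime is kept; every other JRE entry is a removal candidate,
    because an older runtime left installed is still reachable and unpatched.
    """
    found: Dict[str, Version] = {}
    for raw in listing.splitlines():
        entry = raw.strip()
        version = java_version(entry)
        if version is not None:
            found[entry] = version
    if not found:
        return None, []
    keep = max(found, key=found.__getitem__)
    remove = sorted(e for e in found if e != keep)
    return keep, remove


if __name__ == "__main__":
    keep, remove = superseded_runtimes(SAMPLE_PROGRAMS)
    print("keep:   ", keep)
    for entry in remove:
        print("remove: ", entry)
```

Run against the sample, it keeps Java(TM) 6 Update 16 and lists the 1.4.2_03, 6 Update 4 and 6 Update 5 entries for removal, which is the same set Cypher asked for above. Adapt the two patterns if a listing uses different installer names; anything the patterns do not match is ignored rather than guessed at.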

Re: Google redirects, Firefox Crashing, Google Chrome issues

Post by Doug_Tilley » June 3rd, 2010, 9:44 am

Hi Cypher,

I was able to remove the programs without issue, but when attempting to run the GMER Rootkit Scanner it runs fine for quite a while but eventually freezes before I'm able to save a .log file.

Any suggestions?

Should I run the RSIT scan?

Cheers,

Doug
Doug_Tilley
Active Member
 
Posts: 12
Joined: May 30th, 2010, 4:16 pm

Re: Google redirects, Firefox Crashing, Google Chrome issues

Post by Cypher » June 3rd, 2010, 10:40 am

Hi.
when attempting to run the GMER Rootkit Scanner it runs fine for quite a while but eventually freezes before i'm able to save a .log file.
Try running GMER in Safe Mode; if you still have problems, move on to the instructions for running RSIT.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google redirects, Firefox Crashing, Google Chrome issues

Post by Doug_Tilley » June 4th, 2010, 12:49 pm

I was able to complete the GMER Rootkit Scanner, but the .log file is actually too long to post in a single message. Should I split it up over several, or attach it to a message?

Meanwhile, here's the RSIT log.txt, to be followed in the next message by info.txt

Logfile of random's system information tool 1.07 (written by random/random)
Run by Owner at 2010-06-04 12:36:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (17%) free of 148 GB
Total RAM: 703 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:55 PM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7980754953
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Themes ThemesERSvc (ThemesERSvc) - Unknown owner - C:\WINDOWS\system32\2052s.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 9212 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6348b368ccc.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3659986384-410713596-3707131593-1003Core.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-15 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD05"=c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2003-11-03 221184]
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-10-29 135168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-12-05 3022848]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-02 2065248]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-15 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"=C:\Documents and Settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2009-10-26 718232]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 136176]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM7\aim.exe [2009-12-01 3951976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-09-04 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 1.9.125.lnk.disabled]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-05-05 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-06-04 12:36:00 ----D---- C:\rsit
2010-05-30 18:01:26 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2010-05-30 18:01:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-30 18:01:09 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-28 13:03:52 ----A---- C:\WINDOWS\system32\tmp.txt
2010-05-28 13:03:13 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-05-28 13:03:07 ----A---- C:\WINDOWS\system32\Process.exe
2010-05-28 12:56:30 ----D---- C:\Program Files\Panda Security
2010-05-28 12:26:57 ----D---- C:\Program Files\Trend Micro
2010-05-26 19:10:19 ----A---- C:\WINDOWS\resetlog.txt
2010-05-25 11:10:37 ----A---- C:\feed.txt
2010-05-25 11:10:11 ----A---- C:\WINDOWS\system32\wpcap.dll
2010-05-25 11:10:11 ----A---- C:\WINDOWS\system32\Packet.dll
2010-05-23 15:36:38 ----D---- C:\Documents and Settings\Owner\Application Data\Songbird2
2010-05-23 15:29:38 ----D---- C:\Program Files\Songbird
2010-05-19 23:32:06 ----A---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy Uninstall Log.txt
2010-05-18 16:22:45 ----D---- C:\Documents and Settings\Owner\Application Data\Freeze Tag
2010-05-17 00:20:08 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2010-05-17 00:04:30 ----A---- C:\WINDOWS\Midnight Mysteries - The Edgar Allan Poe Conspiracy Setup Log.txt
2010-05-16 19:06:09 ----D---- C:\Documents and Settings\Owner\Application Data\Namco
2010-05-16 19:04:21 ----D---- C:\Program Files\Journalist Journey The Eye of Odin
2010-05-15 13:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-13 13:48:44 ----D---- C:\Documents and Settings\Owner\Application Data\VendelGAMES
2010-05-12 14:52:38 ----D---- C:\Documents and Settings\Owner\Application Data\HorizonWimba
2010-05-11 15:29:09 ----A---- C:\WINDOWS\The Hidden Prophecies of Nostradamus Uninstall Log.txt
2010-05-11 15:29:01 ----A---- C:\WINDOWS\Sprouts Adventure Uninstall Log.txt
2010-05-11 15:28:24 ----A---- C:\WINDOWS\Mystery Case Files - Dire Grove Collector's Edition Uninstall Log.txt
2010-05-10 19:11:45 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-05-10 19:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-10 19:11:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-07 14:42:46 ----D---- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
2010-05-05 20:25:57 ----HD---- C:\$AVG
2010-05-05 20:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

======List of files/folders modified in the last 1 months======

2010-06-04 12:36:23 ----D---- C:\WINDOWS\Prefetch
2010-06-04 09:30:33 ----D---- C:\WINDOWS\Temp
2010-06-04 09:24:44 ----SD---- C:\WINDOWS\Tasks
2010-06-04 04:14:09 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-04 01:06:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-03 23:13:57 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-06-02 23:30:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-06-02 12:38:13 ----D---- C:\WINDOWS\system32\drivers
2010-06-01 22:34:25 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2010-06-01 19:28:41 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-06-01 19:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-01 19:28:04 ----SHD---- C:\WINDOWS\Installer
2010-06-01 19:27:56 ----SHD---- C:\Config.Msi
2010-06-01 19:27:37 ----D---- C:\WINDOWS\system32
2010-06-01 19:26:44 ----D---- C:\Program Files\Java
2010-06-01 19:18:39 ----D---- C:\WINDOWS\SxsCaPendDel
2010-06-01 19:15:54 ----D---- C:\Program Files\Lavasoft
2010-06-01 19:15:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-01 19:15:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-01 11:48:38 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2010-06-01 11:46:24 ----D---- C:\Program Files\uTorrent
2010-05-31 18:43:10 ----D---- C:\Program Files\Final Draft 7
2010-05-31 18:32:00 ----D---- C:\WINDOWS
2010-05-31 18:32:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-31 18:31:44 ----D---- C:\Program Files\Final Draft Tagger
2010-05-31 18:31:43 ----RSD---- C:\WINDOWS\Fonts
2010-05-31 18:21:55 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-05-30 18:03:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-30 18:01:09 ----RD---- C:\Program Files
2010-05-29 08:40:41 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-28 14:02:41 ----HD---- C:\WINDOWS\inf
2010-05-28 13:55:50 ----D---- C:\WINDOWS\WinSxS
2010-05-28 13:02:55 ----D---- C:\Program Files\Mozilla Firefox
2010-05-28 12:49:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-26 10:15:06 ----D---- C:\WINDOWS\SHELLNEW
2010-05-25 22:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-05-25 12:09:51 ----SHD---- C:\System Volume Information
2010-05-25 12:09:51 ----D---- C:\WINDOWS\system32\Restore
2010-05-25 12:07:46 ----D---- C:\WINDOWS\Minidump
2010-05-16 19:05:14 ----D---- C:\Documents and Settings\Owner\Application Data\PlayFirst
2010-05-16 19:05:14 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2010-05-16 01:29:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-15 13:24:33 ----D---- C:\Program Files\iTunes
2010-05-15 13:22:57 ----D---- C:\Program Files\iPod
2010-05-15 13:22:49 ----D---- C:\Program Files\Common Files\Apple
2010-05-15 13:08:18 ----D---- C:\Program Files\QuickTime
2010-05-15 13:05:15 ----D---- C:\Program Files\Apple Software Update
2010-05-15 12:58:25 ----D---- C:\Program Files\Bonjour
2010-05-13 23:06:39 ----D---- C:\Program Files\Google
2010-05-12 14:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-11 15:28:47 ----D---- C:\Program Files\Season of Mystery - The Cherry Blossom Murders
2010-05-11 15:26:15 ----D---- C:\Program Files\Games
2010-05-11 15:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-10 12:45:49 ----D---- C:\Documents and Settings\Owner\Application Data\dvdcss
2010-05-09 21:01:15 ----RD---- C:\Program Files\Skype
2010-05-05 20:24:55 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-05-05 20:22:22 ----D---- C:\Program Files\AVG

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-05-05 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-02 242896]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2009-10-12 13567]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-03-19 97600]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-12-23 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-12-05 1619243]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-22 54784]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 akwrjo10;akwrjo10; C:\WINDOWS\system32\drivers\akwrjo10.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-05-14 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-05-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-05-14 21488]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-05-25 50704]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-28 47360]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-09-05 217600]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2009-09-15 32768]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-17 117760]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-05-05 308064]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2009-10-12 145504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-15 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-12-05 77824]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 ThemesERSvc;Themes ThemesERSvc; C:\WINDOWS\system32\2052s.exe srv []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-08-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-15 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-05-16 65795]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------
Doug_Tilley

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Doug_Tilley » June 4th, 2010, 12:50 pm

info.txt logfile of random's system information tool 1.06 2010-06-04 12:37:02

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}
Adobe Asset Services CS3-->MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}
Adobe Bridge CS3-->MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}
Adobe Bridge Start Meeting-->MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0-->MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe CMaps-->MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Default Language CS3-->MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}
Adobe Device Central CS3-->MsiExec.exe /I{265FCC3B-4814-4B2B-89D6-217DFB8AD886}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Help Viewer 1.1-->MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Linguistics CS3-->MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}
Adobe PDF Library Files-->MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
Adobe Premiere Pro-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Setup-->MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Stock Photos CS3-->MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}
Adobe Type Support-->MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3-->MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}
AIM 7-->C:\Program Files\AIM7\uninst.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BackStreet Browser 3.1-->"C:\Program Files\BackStreet Browser 3.1\unins000.exe"
Beyond TV DVD Burning Foundation-->MsiExec.exe /I{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
CloneDVD 4.2.5.0-->"C:\Program Files\CloneDVD\unins000.exe"
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
D-Fend Reloaded 0.8.2 (deinstall)-->"C:\Program Files\D-Fend Reloaded\Uninstall.exe"
DFX for Winamp-->C:\Program Files\DFX\uninstall_Winamp.exe
Digital Clock Screen Saver-->"C:\WINDOWS\unins001.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EmoDio-->MsiExec.exe /X{C20CE592-B0F8-4D20-BF31-0151CA6331A6}
Fox Video Capture 7.0.0.283-->"C:\Program Files\Fox Video Capture\unins000.exe"
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities Pro 2.18.0.786-->"C:\Program Files\Glary Utilities\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5-->C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
InFlac 1.1.1-->"C:\Program Files\Winamp\InFlac-Uninstall.exe"
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 7-->"C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
iuVCS Deluxe-->"C:\Program Files\iuLAB\iuVCS Deluxe\unins000.exe"
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Joost (tm) Beta 1.1.4-->C:\Program Files\Joost\uninst.exe
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
KeyHoleTV-->"C:\Program Files\KeyHoleTV\uninstall.exe"
K-Lite Codec Pack 3.8.0 Basic-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Lexmark Software Uninstall-->C:\Program Files\Lexmark_HostCD\Install\Uninstall.exe
ljArchive-->C:\Program Files\ljArchive\uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
MemoriesOnTV 4.1.0-->"C:\Program Files\MemoriesOnTV4\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MobileMe Control Panel-->MsiExec.exe /I{BA165460-FCF7-4D6C-A7A2-F2321700720F}
Mojo-->MsiExec.exe /X{8E40B251-852E-464C-B235-7384A59096E2}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
MyFreeCodec-->C:\Program Files\MyFree Codec\09c beta\uninstall.exe
NSIS nutsie_uploader-->"C:\Program Files\nutsie_uploader\uninstall.exe"
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
River Past Animated GIF Booster Pack-->C:\WINDOWS\Animated GIF Booster Pack Uninstaller.exe
River Past Video Cleaner Pro-->C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SimpleDivX-->"C:\Program Files\SimpleDivX\unins000.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SnapStream Firefly Mini 1.0.2-->"C:\Program Files\SnapStream Media\Firefly Mini\Uninstall.exe"
Songbird 1.4.3 (Build 1438)-->"C:\Program Files\Songbird\Songbird-Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SpamSubtract-->C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\SASUNINST.EXE" /NOUI
Switch Uninstall-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TMPGEnc Authoring Works 4-->MsiExec.exe /I{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}
Toolkit View(HP)-->c:\Windows\HPTK\unhptkit.exe
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
TVUPlayer 2.3.7.1-->C:\Program Files\TVUPlayer\uninst.exe
Ultra Video Splitter 5.4.0822-->"C:\Program Files\Ultra Video Splitter\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WampServer 2.0-->"c:\wamp\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter 9.0-->"C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zip Motion Block Video codec (Remove Only)-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\ZMBV.INF

======System event log======

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 22953
Source Name: DCOM
Time Written: 20100511161058.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AmdK7
AvgLdx86
AvgMfx86
ElbyCDIO
fasttx2k
Fips
ohci1394
SISAGP
viaagp1

Record Number: 22950
Source Name: Service Control Manager
Time Written: 20100511152601.000000-240
Event Type: error
User:

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 22949
Source Name: DCOM
Time Written: 20100511152536.000000-240
Event Type: error
User: YOUR-AT5QGAAC3Z\Administrator

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 22948
Source Name: DCOM
Time Written: 20100511152505.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 1002
Message: The IP address lease 192.168.1.101 for the Network Card with network address 000EA6D0592D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 22945
Source Name: Dhcp
Time Written: 20100511152432.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 1564473
Source Name: PerfDisk
Time Written: 20100602062012.000000-240
Event Type: warning
User:

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 1564472
Source Name: PerfDisk
Time Written: 20100602062006.000000-240
Event Type: warning
User:

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 1564471
Source Name: PerfDisk
Time Written: 20100602061955.000000-240
Event Type: warning
User:

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 1564470
Source Name: PerfDisk
Time Written: 20100602061949.000000-240
Event Type: warning
User:

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 1564469
Source Name: PerfDisk
Time Written: 20100602061938.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Doug_Tilley
Active Member
Posts: 12
Joined: May 30th, 2010, 4:16 pm
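
The system event log in the post above is the kind of dump the helpers here read by eye. As an added example (written for this page, not a tool from MalwareRemoval.com and not anything posted in the thread), the Python below parses that section's record format and decodes the DCOM "%1084" errors: Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE, "This service cannot be started in Safe Mode", so those records show the machine was booted into Safe Mode on 11 May. It then uses that to label each Service Control Manager 7026 "driver(s) failed to load" event as the expected side effect of a Safe Mode boot, or as something to check when it appears on a normal boot. The sample input copies two records from the dump above (the 7026 driver list abridged to four names) and adds one constructed record (number 99999, dated 2 June) to exercise the other branch; the two-hour correlation window is an assumption.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta, timezone

# Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE ("This service cannot be
# started in Safe Mode"); DCOM event 10005 embeds it as "%1084".
ERROR_NOT_SAFEBOOT_SERVICE = 1084

EventRecord = namedtuple(
    "EventRecord", "computer code message record source time event_type user")

# One dump record: header lines, a Message running to the first blank line,
# then trailer lines (the User field may be empty).
_RECORD = re.compile(
    r"Computer Name: (?P<computer>[^\n]*)\n"
    r"Event Code: (?P<code>\d+)\n"
    r"Message: (?P<message>.*?)\n[ \t]*\n"
    r"Record Number: (?P<record>\d+)\n"
    r"Source Name: (?P<source>[^\n]*)\n"
    r"Time Written: (?P<time>[^\n]*)\n"
    r"Event Type: (?P<etype>[^\n]*)\n"
    r"User: ?(?P<user>[^\n]*)", re.S)
_CIM_TIME = re.compile(r"(\d{14})\.(\d{6})([+-]\d{3})")
_DCOM_ERR = re.compile(r'DCOM got error "%(\d+)"')


def parse_cim_time(s):
    """20100511161058.000000-240 -> 2010-05-11 16:10:58 at UTC-04:00."""
    m = _CIM_TIME.fullmatch(s.strip())
    if not m:
        raise ValueError("not a CIM timestamp: %r" % s)
    naive = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    tz = timezone(timedelta(minutes=int(m.group(3))))
    return naive.replace(microsecond=int(m.group(2)), tzinfo=tz)


def parse_events(text):
    """Parse a '======System event log======' section into EventRecords."""
    return [EventRecord(m["computer"].strip(), int(m["code"]),
                        m["message"].strip(), int(m["record"]),
                        m["source"].strip(), parse_cim_time(m["time"]),
                        m["etype"].strip(), m["user"].strip())
            for m in _RECORD.finditer(text)]


def safe_mode_evidence(records):
    """Times at which the machine was demonstrably in Safe Mode: a DCOM
    10005 event that failed to start a service with error 1084."""
    out = []
    for r in records:
        if r.source == "DCOM" and r.code == 10005:
            m = _DCOM_ERR.search(r.message)
            if m and int(m.group(1)) == ERROR_NOT_SAFEBOOT_SERVICE:
                out.append(r.time)
    return sorted(out)


def failed_boot_drivers(records):
    """[(time, [driver, ...])] for each SCM 7026 'failed to load' event."""
    return [(r.time, [ln.strip() for ln in r.message.splitlines()[1:] if ln.strip()])
            for r in records
            if r.source == "Service Control Manager" and r.code == 7026]


def triage(records, window=timedelta(hours=2)):
    """Label each 7026 event. Within `window` (an assumed value) of Safe Mode
    evidence the unloaded drivers are Safe Mode at work (only drivers listed
    under the SafeBoot registry key are started), so AvgLdx86/AvgMfx86 not
    loading then is not by itself a sign of tampering; on a normal boot the
    same list deserves a look."""
    safe = safe_mode_evidence(records)
    return [(t.isoformat(),
             "expected: Safe Mode boot" if any(abs(t - s) <= window for s in safe)
             else "investigate: normal boot", drivers)
            for t, drivers in failed_boot_drivers(records)]


# Sample input: two records copied from the dump above (7026 driver list
# abridged) plus one constructed 7026 (record 99999, 2 June) with no Safe
# Mode evidence near it.
SAMPLE = """\
Computer Name: YOUR-AT5QGAAC3Z
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 22948
Source Name: DCOM
Time Written: 20100511152505.000000-240
Event Type: error
User: NT AUTHORITY\\SYSTEM

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AmdK7
AvgLdx86
AvgMfx86
ElbyCDIO

Record Number: 22950
Source Name: Service Control Manager
Time Written: 20100511152601.000000-240
Event Type: error
User:

Computer Name: YOUR-AT5QGAAC3Z
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AvgLdx86

Record Number: 99999
Source Name: Service Control Manager
Time Written: 20100602070000.000000-240
Event Type: error
User:
"""

if __name__ == "__main__":
    for when, verdict, drivers in triage(parse_events(SAMPLE)):
        print(when, verdict, ", ".join(drivers))
```

Run as a script it prints one line per 7026 event with its verdict and driver list. The point for a helper reading this thread: the AVG drivers in the 11 May list sit within a minute of a Safe Mode error, so that record is not by itself evidence that the infection disabled AVG; the same names on a normal boot would be.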

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Cypher » June 4th, 2010, 12:59 pm

Hi.
Doug_Tilley wrote:
I was able to complete the GMER Rootkit Scanner, but the .log file is actually too long to post in a single message. Should I split it up over several, or attach it to a message?
Did you Uncheck Show All as instructed before running the Gmer scan?
If you did, the log should fit in one post.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Doug_Tilley » June 5th, 2010, 11:49 am

I ran the scan again, just to be completely sure that I had the Show All (as well as solely the main HD and IAT/EAT) function unchecked, and the result is still too large to fit in a single post. It will, however, fit over two posts if that is acceptable.
Doug_Tilley
Active Member
Posts: 12
Joined: May 30th, 2010, 4:16 pm

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Cypher » June 5th, 2010, 12:07 pm

Hi Doug.
Yes please post the Gmer log over two posts.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Doug_Tilley » June 5th, 2010, 2:51 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 11:40:31
Windows 5.1.2600 Service Pack 3
Running: fz1q073r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axlyikow.sys


---- System - GMER 1.0.15 ----

SSDT sppj.sys ZwCreateKey [0xF7BDA0E0]
SSDT sppj.sys ZwEnumerateKey [0xF7BF8CA2]
SSDT sppj.sys ZwEnumerateValueKey [0xF7BF9030]
SSDT sppj.sys ZwOpenKey [0xF7BDA0C0]
SSDT sppj.sys ZwQueryKey [0xF7BF9108]
SSDT sppj.sys ZwQueryValueKey [0xF7BF8F88]
SSDT sppj.sys ZwSetValueKey [0xF7BF919A]

INT 0x62 ? 829A5BF8
INT 0x63 ? 827CEBF8
INT 0x73 ? 827CEBF8
INT 0x82 ? 829A5BF8
INT 0x83 ? 827CEBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!MmProtectMdlSystemAddress + 192 80536A00 22 Bytes [FF, 85, 6C, FF, FF, FF, 81, ...]
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 1A9 80536A17 214 Bytes [83, BD, 6C, FF, FF, FF, 00, ...]
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 280 80536AEE 17 Bytes [8B, D9, 8A, D0, 8B, CF, FF, ...]
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 292 80536B00 62 Bytes CALL 8054B586 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 2D1 80536B3F 53 Bytes [8B, CE, FF, 15, 38, 76, 4D, ...]
.text ...
.text ntoskrnl.exe!MmGetVirtualForPhysical + 6 80536BF9 5 Bytes [55, 0C, 56, 8B, 75]
.text ntoskrnl.exe!MmGetVirtualForPhysical + D 80536C00 49 Bytes CALL 804D96A9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!MmGetVirtualForPhysical + 3F 80536C32 158 Bytes [FF, 55, 8B, EC, 8B, 4D, 10, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + A 80536CD1 96 Bytes [50, 18, 8B, 48, 14, 03, CA, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + 6B 80536D32 102 Bytes [0F, 00, 00, C1, E0, 0C, 0B, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + D2 80536D99 8 Bytes [08, 00, 00, 81, E1, FF, 0F, ...] {OR [EAX], AL; ADD [ECX+0xfffe1], AL}
PAGE ntoskrnl.exe!ObCheckObjectAccess + 73 80565CBF 20 Bytes [18, 0F, 85, 65, 1B, 04, 00, ...]
PAGE ntoskrnl.exe!ObCheckObjectAccess + 88 80565CD4 141 Bytes [00, 00, 02, F7, D0, 21, 46, ...]
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 48 80565D62 7 Bytes [45, FC, 8B, 4D, F4, 8B, 55]
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 50 80565D6A 61 Bytes [0F, B1, 11, 3B, C7, 0F, 85, ...]
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 8E 80565DA8 3 Bytes JMP 805654E9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 92 80565DAC 128 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 21 80565E2D 97 Bytes [89, 5D, F8, 8B, C6, 2B, 45, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 83 80565E8F 88 Bytes [88, D4, 00, 00, 00, 8D, 87, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + DC 80565EE8 91 Bytes [FF, 88, D4, 00, 00, 00, 8D, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 138 80565F44 25 Bytes [40, 08, 8D, 8C, 07, B0, 00, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 152 80565F5E 35 Bytes [0F, 84, D3, E1, 08, 00, 38, ...]
PAGE ...
PAGE ntoskrnl.exe!NtWaitForSingleObject + 47 805661C3 24 Bytes [45, D0, 8D, 75, CC, 89, 75, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + 60 805661DC 8 Bytes [00, FF, 75, 08, E8, 03, EA, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + 69 805661E5 124 Bytes [8B, F8, 3B, FB, 7C, 36, 8B, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + E7 80566263 56 Bytes [43, AE, 09, 00, 8D, 3C, 01, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + 120 8056629C 2 Bytes [8A, 45]
PAGE ...
PAGE ntoskrnl.exe!ProbeForWrite + 25 805663D7 83 Bytes [80, 73, 23, BA, 00, F0, FF, ...]
PAGE ntoskrnl.exe!ZwDelayExecution + 1B 8056642B 28 Bytes [84, C0, 0F, 84, E7, 28, 0A, ...]
PAGE ntoskrnl.exe!ZwDelayExecution + 38 80566448 73 Bytes [3B, D8, 0F, 83, 98, 28, 0A, ...]
PAGE ntoskrnl.exe!ZwReleaseMutant + 17 80566492 116 Bytes [89, 45, CC, 8A, 80, 40, 01, ...]
PAGE ntoskrnl.exe!ZwReleaseMutant + 8C 80566507 2 Bytes [C2, 08]
PAGE ntoskrnl.exe!ZwReleaseMutant + 8F 8056650A 147 Bytes CALL 804D904D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwReleaseMutant + 123 8056659E 23 Bytes [89, 5D, 0C, 74, 11, 33, D2, ...]
PAGE ntoskrnl.exe!ZwReleaseMutant + 13B 805665B6 235 Bytes [35, 40, 48, 4E, 80, 8D, 04, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 2D 805666F3 28 Bytes [64, A1, 24, 01, 00, 00, 8A, ...]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 4A 80566710 4 Bytes [55, 80, 85, D2]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 4F 80566715 69 Bytes [85, 0D, 06, 00, 00, 8B, F3, ...]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 95 8056675B 22 Bytes [87, 52, 0E, 00, 00, 89, 75, ...]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + AC 80566772 12 Bytes [8F, D4, 00, 00, 00, C6, 45, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlAreAllAccessesGranted + 2A 80566A37 81 Bytes [EC, 51, 51, 57, 8B, 7D, 0C, ...]
PAGE ntoskrnl.exe!RtlAreAllAccessesGranted + 7C 80566A89 46 Bytes [8B, C6, 5E, 5B, 5F, C9, C2, ...]
PAGE ntoskrnl.exe!RtlAreAllAccessesGranted + AB 80566AB8 78 Bytes [90, 90, 90, 90, 90, 6A, 30, ...]
PAGE ntoskrnl.exe!KeUserModeCallback + 4A 80566B07 337 Bytes [F3, A4, 89, 43, FC, 89, 5B, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeChar + 39 80566C59 36 Bytes [83, 3D, 34, 72, 55, 80, 00, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeChar + 5F 80566C7F 86 Bytes [56, BE, E0, 7E, 55, 80, 0F, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + 24 80566CD6 21 Bytes [0F, B7, 16, 6A, 00, D1, EA, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + 3A 80566CEC 124 Bytes [04, 48, 66, 83, F8, 61, 72, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + B7 80566D69 8 Bytes [8B, C1, F7, D0, 85, 45, 0C, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + C0 80566D72 50 Bytes [20, CF, 08, 00, 8B, 45, 1C, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + F3 80566DA5 19 Bytes [FF, 83, 7D, 08, FE, 0F, 85, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + 23 80566FBC 15 Bytes [88, 45, DC, 84, C0, 0F, 84, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + 33 80566FCC 65 Bytes [8B, 4D, 10, 3B, C8, 0F, 83, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + 75 8056700E 43 Bytes [D6, 74, 24, 8D, 45, A8, 89, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + A1 8056703A 24 Bytes [89, 45, C4, 56, 8D, 4D, D8, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + BA 80567053 15 Bytes [8B, 4D, D8, 89, 4D, BC, 89, ...]
PAGE ...
PAGE ntoskrnl.exe!NtQueryInformationThread + 5 805671A3 139 Bytes [68, A0, 6F, 4E, 80, E8, 9E, ...]
PAGE ntoskrnl.exe!NtQueryInformationThread + 91 8056722F 6 Bytes [85, C0, 0F, 8C, 91, 00]
PAGE ntoskrnl.exe!NtQueryInformationThread + 98 80567236 20 Bytes [00, 8B, 1D, 0C, 20, 55, 80, ...]
PAGE ntoskrnl.exe!NtQueryInformationThread + AD 8056724B 20 Bytes CALL 804D9568 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtQueryInformationThread + C2 80567260 34 Bytes CALL 804D9567 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlAddAtomToAtomTable + 2D 80567461 17 Bytes [FF, 84, C0, 0F, 85, 83, 71, ...]
PAGE ntoskrnl.exe!RtlAddAtomToAtomTable + 3F 80567473 95 Bytes [8D, 45, DC, 50, 8D, 45, D8, ...]
PAGE ntoskrnl.exe!RtlAddAtomToAtomTable + 9F 805674D3 16 Bytes [90, 90, 90, 90, 90, 6A, 1C, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + C 805674E4 113 Bytes [64, A1, 24, 01, 00, 00, 8A, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 7E 80567556 33 Bytes [89, 03, 89, 53, 04, 8B, 45, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + A0 80567578 138 Bytes [C2, 08, 00, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 12B 80567603 81 Bytes [F0, FF, FF, 8B, D0, 23, D1, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 17D 80567655 83 Bytes [C1, EB, 05, 83, E3, 1F, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!NtClose + 3E 80567AAB 14 Bytes [53, 56, 57, 0F, 86, B7, 00, ...] {PUSH EBX; PUSH ESI; PUSH EDI; JBE 0xc0; LEA ESI, [ECX+0x10]; MOV EDI, [ESI]}
PAGE ntoskrnl.exe!NtClose + 4E 80567ABB 44 Bytes [04, 8B, 18, 8B, D3, 2B, D7, ...]
PAGE ntoskrnl.exe!NtClose + 7B 80567AE8 10 Bytes [00, 74, 4D, 8B, 55, 0C, B9, ...]
PAGE ntoskrnl.exe!NtClose + 86 80567AF3 6 Bytes [3B, D1, 89, 55, FC, 0F]
PAGE ntoskrnl.exe!NtClose + 8D 80567AFA 259 Bytes [CE, 26, 09, 00, 8B, CB, 2B, ...]
PAGE ...
PAGE ntoskrnl.exe!SeTokenIsRestricted + 26 80567EE7 52 Bytes [0F, 85, 78, CF, FF, FF, 8B, ...]
PAGE ntoskrnl.exe!SeTokenIsRestricted + 5B 80567F1C 115 Bytes [10, 0F, 84, 06, D8, FF, FF, ...]
PAGE ntoskrnl.exe!RtlCreateSecurityDescriptor + 63 80567F90 62 Bytes [00, 90, 90, 90, 90, 90, 8B, ...]
PAGE ntoskrnl.exe!RtlMapGenericMask + 39 80567FCF 25 Bytes [10, 5E, 0F, 85, 84, 4E, 00, ...]
PAGE ntoskrnl.exe!RtlMapGenericMask + 53 80567FE9 176 Bytes JMP 80602F4E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlCopySid + A6 8056809A 20 Bytes CALL 804D9050 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlCopySid + BB 805680AF 109 Bytes [FF, 55, 8B, EC, 53, 56, 57, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + 2 8056811D 28 Bytes [55, 8B, EC, 8B, 4D, 08, 8B, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + 1F 8056813A 152 Bytes [FF, 80, 7D, 14, 00, 0F, 85, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + B8 805681D3 4 Bytes [A1, D4, FB, 55]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + BD 805681D8 8 Bytes [39, 45, E0, 0F, 83, 71, D5, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + C6 805681E1 25 Bytes [8D, 43, 24, 8B, 75, E0, 8B, ...]
PAGE ...
Doug_Tilley
Active Member
 
Posts: 12
Joined: May 30th, 2010, 4:16 pm
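
A note on reading output like the scan above, with a small triage script. This is an added example and is not part of the thread, nor GMER's own code. GMER's "code sections" listing reports every place where the bytes of a kernel function in memory differ from the file on disk. Most such lines are just a byte dump, and on their own they prove nothing about infection; the lines an analyst looks at first are the decoded JMP/CALL entries whose destination lies outside the scanned module, because that is where an inline hook sends execution. The script below parses the listing, keeps the plain mismatches, and flags only those out-of-image transfers. The kernel load range (KERNEL_BASE, KERNEL_SIZE) is an assumed placeholder, not a value read from this machine; the sample lines are copied from the scan above.

```python
"""Triage helper for GMER 'code sections' output (added example; not part of
the thread above and not GMER's own code).  Parses lines of the form

    PAGE ntoskrnl.exe!SeTokenType + 1C 805682A4 13 Bytes JMP 025682A1

and flags JMP/CALL transfers whose destination lies outside the scanned
module's image.  Plain byte-mismatch lines are kept but not flagged: alone
they only say the bytes in memory differ from the file on disk."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One code-section line: section, module!symbol, optional "+ offset",
# address, byte count, then either a byte dump or a decoded transfer.
LINE_RE = re.compile(
    r"^(?P<section>[\w.]+)\s+"
    r"(?P<module>[\w.]+)!(?P<symbol>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+"
    r"(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<detail>.*)$"
)
# Decoded transfer, optionally followed by the module GMER resolved it to.
TRANSFER_RE = re.compile(
    r"^(?P<op>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<resolved>\S.*))?$"
)

# ASSUMED load range of ntoskrnl.exe: placeholders, not values read from the
# machine in the thread.  Take the real base and size from the scan's module
# list or from WinDbg's `lm` before trusting the range check.
KERNEL_BASE = 0x804D7000
KERNEL_SIZE = 0x00200000
USER_LIMIT = 0x80000000  # top of user space on 32-bit XP without /3GB


@dataclass
class Finding:
    symbol: str
    address: int
    op: Optional[str]       # None for a plain byte mismatch
    target: Optional[int]   # None when nothing was decoded
    verdict: str            # "mismatch", "in-image", "review: ..." or "FLAG: ..."

    @property
    def flagged(self) -> bool:
        return self.verdict.startswith("FLAG")


def classify(line: str, base: int = KERNEL_BASE, size: int = KERNEL_SIZE) -> Optional[Finding]:
    """Parse one line; None for non-entries (headers, GMER's '...' markers)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    symbol = m.group("symbol")
    if m.group("offset"):
        symbol += " + " + m.group("offset")
    address = int(m.group("address"), 16)
    t = TRANSFER_RE.match(m.group("detail"))
    if t is None:
        return Finding(symbol, address, None, None, "mismatch")
    target = int(t.group("target"), 16)
    resolved = t.group("resolved")
    # Basename of the module GMER attributed the target to, if any.
    owner = resolved.split()[0].rsplit("\\", 1)[-1].lower() if resolved else None
    if base <= target < base + size or owner == m.group("module").lower():
        verdict = "in-image"
    elif resolved:
        # Scanner knows which module owns the target; worth a look, not a flag.
        verdict = "review: transfer into " + resolved.split()[0]
    elif target < USER_LIMIT:
        verdict = "FLAG: kernel code transfers to a user-mode address"
    else:
        verdict = "FLAG: unresolved target outside the module image"
    return Finding(symbol, address, t.group("op"), target, verdict)


def triage(lines: List[str]) -> List[Finding]:
    """Flagged findings only, in scan order."""
    found = [classify(l) for l in lines]
    return [f for f in found if f is not None and f.flagged]


# Sample input: lines quoted from the scan above, plus GMER's '...' elision.
SAMPLE_LINES = [
    r"PAGE ntoskrnl.exe!SeTokenType + 2 8056828A 9 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...]",
    r"PAGE ntoskrnl.exe!SeTokenType + 1C 805682A4 13 Bytes JMP 025682A1",
    r"PAGE ...",
    r"PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 8E 80565DA8 3 Bytes JMP 805654E9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)",
    r"PAGE ntoskrnl.exe!RtlDeleteAtomFromAtomTable + D6 8056E13B 13 Bytes CALL F5561CC3",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.symbol:<36} {f.address:08X} {f.op:<4} -> {f.target:08X}  {f.verdict}")
```

Run against a saved GMER log by passing its lines to triage(). On the scan above it singles out two entries, the JMP 025682A1 in SeTokenType and the CALL F5561CC3 in RtlDeleteAtomFromAtomTable, both of which GMER printed without a module name; the first points into the user-mode address range, the second to a kernel address outside ntoskrnl. Both should be resolved against the machine's loaded-driver list before any conclusion is drawn, and the hundreds of plain byte-mismatch lines are deliberately left unflagged.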

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Doug_Tilley » June 5th, 2010, 2:52 pm

PAGE ntoskrnl.exe!RtlEqualSid + 17 8056821E 8 Bytes [8A, 46, 01, 3A, 47, 01, 0F, ...]
PAGE ntoskrnl.exe!RtlEqualSid + 20 80568227 1 Byte [5D]
PAGE ntoskrnl.exe!RtlEqualSid + 23 8056822A 10 Bytes [0F, B6, C8, 33, C0, 8D, 0C, ...]
PAGE ntoskrnl.exe!RtlEqualSid + 2F 80568236 10 Bytes [F3, A6, 0F, 94, C0, 5F, 5E, ...]
PAGE ntoskrnl.exe!RtlEqualSid + 3A 80568241 7 Bytes [8B, 42, 08, 03, 02, 8B, 52]
PAGE ...
PAGE ntoskrnl.exe!SeTokenType + 2 8056828A 9 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...]
PAGE ntoskrnl.exe!SeTokenType + E 80568296 9 Bytes [5D, C2, 04, 00, 90, 90, E6, ...]
PAGE ntoskrnl.exe!SeTokenType + 18 805682A0 3 Bytes [00, 00, 00]
PAGE ntoskrnl.exe!SeTokenType + 1C 805682A4 13 Bytes JMP 025682A1
PAGE ntoskrnl.exe!SeTokenType + 2A 805682B2 11 Bytes [0F, 84, DD, F8, FF, FF, 80, ...]
PAGE ...
PAGE ntoskrnl.exe!SePrivilegeCheck + 59 80568528 31 Bytes [8B, 45, 08, 8B, 80, 98, 00, ...]
PAGE ntoskrnl.exe!SePrivilegeCheck + 79 80568548 142 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!ObOpenObjectByName + 48 805685D7 95 Bytes [FF, 75, 10, FF, 75, 10, 56, ...]
PAGE ntoskrnl.exe!ObOpenObjectByName + A8 80568637 472 Bytes [0F, 8C, CC, 00, 00, 00, 8D, ...]
PAGE ntoskrnl.exe!ObOpenObjectByName + 281 80568810 55 Bytes [45, 10, 0F, 84, C4, 1A, 00, ...]
PAGE ntoskrnl.exe!ObOpenObjectByName + 2B9 80568848 78 Bytes [0F, 84, 48, C8, 08, 00, C7, ...]
PAGE ntoskrnl.exe!ObOpenObjectByName + 308 80568897 351 Bytes [00, 0F, 84, 72, 1A, 01, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwOpenKey + 3 80568EEC 6 Bytes [00, 00, 68, A8, 65, 4E]
PAGE ntoskrnl.exe!ZwOpenKey + A 80568EF3 41 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwOpenKey + 34 80568F1D 22 Bytes [80, 65, 0D, FC, 80, 3D, A4, ...]
PAGE ntoskrnl.exe!ZwOpenKey + 4B 80568F34 4 Bytes [8A, 80, 40, 01]
PAGE ntoskrnl.exe!ZwOpenKey + 51 80568F3A 15 Bytes [88, 45, D4, 89, 75, FC, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!NtAllocateVirtualMemory + 5 80569158 4 Bytes [68, 58, 91, 4E]
PAGE ntoskrnl.exe!NtAllocateVirtualMemory + A 8056915D 19 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtAllocateVirtualMemory + 1E 80569171 8 Bytes [8B, 4D, 18, F7, C1, FF, CF, ...]
PAGE ntoskrnl.exe!NtAllocateVirtualMemory + 27 8056917A 5 Bytes [0F, 85, 70, 66, 08]
PAGE ntoskrnl.exe!NtAllocateVirtualMemory + 2D 80569180 5 Bytes [F7, C1, 00, 30, 08]
PAGE ...
PAGE ntoskrnl.exe!ZwClearEvent + 2 80569801 10 Bytes [55, 8B, EC, 51, 56, 64, A1, ...]
PAGE ntoskrnl.exe!ZwClearEvent + D 8056980C 7 Bytes [8A, 80, 40, 01, 00, 00, 6A]
PAGE ntoskrnl.exe!ZwClearEvent + 15 80569814 74 Bytes [88, 45, FC, 8D, 45, 08, 50, ...]
PAGE ntoskrnl.exe!NtSetEvent + 12 80569860 104 Bytes [8A, 80, 40, 01, 00, 00, 88, ...]
PAGE ntoskrnl.exe!NtSetEvent + 7B 805698C9 14 Bytes [83, 4D, FC, FF, 8B, 45, DC, ...]
PAGE ntoskrnl.exe!NtSetEvent + 8A 805698D8 14 Bytes [90, 90, 90, 90, 90, 8B, 41, ...]
PAGE ntoskrnl.exe!NtSetEvent + 9A 805698E8 63 Bytes [8B, 41, 08, 85, C0, 0F, 84, ...]
PAGE ntoskrnl.exe!NtSetEvent + DA 80569928 58 Bytes [00, 00, C3, 8B, C8, EB, B9, ...]
PAGE ...
PAGE ntoskrnl.exe!NtFreeVirtualMemory + A 80569A88 10 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtFreeVirtualMemory + 15 80569A93 8 Bytes [3F, FF, FF, 0F, 85, 6E, 6B, ...]
PAGE ntoskrnl.exe!NtFreeVirtualMemory + 1E 80569A9C 1 Byte [B8]
PAGE ntoskrnl.exe!NtFreeVirtualMemory + 1E 80569A9C 3 Bytes [B8, 00, C0]
PAGE ntoskrnl.exe!NtFreeVirtualMemory + 22 80569AA0 67 Bytes [00, 23, C8, 0F, 84, 61, 6B, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwQueryValueKey + 7 8056A389 35 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwQueryValueKey + 2B 8056A3AD 18 Bytes [8B, 7D, 10, 3B, FE, 74, 18, ...]
PAGE ntoskrnl.exe!ZwQueryValueKey + 3E 8056A3C0 22 Bytes [04, 74, 09, 83, FF, 02, 0F, ...]
PAGE ntoskrnl.exe!ZwQueryValueKey + 56 8056A3D8 18 Bytes [88, 5D, D4, 33, FF, 57, 8D, ...]
PAGE ntoskrnl.exe!ZwQueryValueKey + 69 8056A3EB 9 Bytes [6A, 01, FF, 75, 08, E8, F3, ...]
PAGE ...
PAGE ntoskrnl.exe!SeQuerySecurityDescriptorInfo + 1E 8056A768 42 Bytes [11, 89, 55, D0, 8B, 45, 14, ...]
PAGE ntoskrnl.exe!SeQuerySecurityDescriptorInfo + 4A 8056A794 63 Bytes [74, 0A, 3B, CB, 0F, 84, 91, ...]
PAGE ntoskrnl.exe!SeQuerySecurityDescriptorInfo + 8A 8056A7D4 15 Bytes [F9, 89, 7D, C4, F6, C2, 10, ...] {STC ; MOV [EBP-0x3c], EDI; TEST DL, 0x10; JNZ 0x6f7d6; XOR EAX, EAX}
PAGE ntoskrnl.exe!SeQuerySecurityDescriptorInfo + 9A 8056A7E4 84 Bytes [F0, 89, 75, C0, 8B, 45, B6, ...]
PAGE ntoskrnl.exe!SeQuerySecurityDescriptorInfo + EF 8056A839 151 Bytes [00, 00, 89, 4D, DC, 83, C1, ...]
PAGE ...
PAGE ntoskrnl.exe!MmSecureVirtualMemory + B 8056AEC1 36 Bytes [75, 0C, FF, 75, 08, E8, EB, ...]
PAGE ntoskrnl.exe!PsSetProcessPriorityByClass + 12 8056AEE6 79 Bytes [00, 0F, B6, C8, 8B, 0C, 8D, ...]
PAGE ntoskrnl.exe!PsSetProcessPriorityByClass + 62 8056AF36 32 Bytes [00, 00, 04, 00, 00, 00, 08, ...]
PAGE ntoskrnl.exe!PsSetProcessPriorityByClass + 83 8056AF57 36 Bytes [55, 8B, EC, 83, 3D, A0, B0, ...]
PAGE ntoskrnl.exe!PsSetProcessPriorityByClass + A8 8056AF7C 90 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeN + 56 8056AFD7 21 Bytes [34, 71, 66, 89, 30, 3B, DF, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeN + 6C 8056AFED 95 Bytes [8D, 0C, 1B, 89, 08, EB, B1, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeN + CC 8056B04D 45 Bytes [30, 66, 89, 01, 41, 41, 42, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeN + FA 8056B07B 35 Bytes [D2, AF, 56, 80, FC, 88, 58, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeN + 11E 8056B09F 83 Bytes [87, 89, 58, 80, 6B, 89, 58, ...]
PAGE ...
PAGE ntoskrnl.exe!CcPreparePinWrite + 23 8056B3B0 58 Bytes [45, 10, 89, 45, D4, 88, 5D, ...]
PAGE ntoskrnl.exe!CcPreparePinWrite + 5E 8056B3EB 201 Bytes [55, C4, 8B, 4D, CC, 2B, D1, ...]
PAGE ntoskrnl.exe!CcUnpinDataForThread + 1D 8056B4B5 22 Bytes [FF, 75, 0C, 8D, 43, 38, 50, ...]
PAGE ntoskrnl.exe!CcUnpinDataForThread + 34 8056B4CC 58 Bytes [5B, 5D, C2, 08, 00, 90, 90, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 31 8056B507 62 Bytes [88, 45, C8, 84, C0, 0F, 84, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 70 8056B546 143 Bytes [75, 10, 3B, F0, 0F, 83, EB, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 100 8056B5D6 50 Bytes [36, 03, 00, 39, 5D, 10, 74, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 133 8056B609 46 Bytes [24, 0F, BE, E0, AB, 55, 80, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 162 8056B638 22 Bytes CALL 804D9021 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ZwReplyWaitReceivePort + 6D 8056BA2B 23 Bytes JMP 8056475B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePort + 85 8056BA43 57 Bytes [EC, 8B, 4D, 08, 8B, 01, 83, ...]
PAGE ntoskrnl.exe!ExAcquireRundownProtection + C 8056BA7D 22 Bytes [4D, F4, F6, C3, 01, EB, 00, ...]
PAGE ntoskrnl.exe!ExAcquireRundownProtection + 23 8056BA94 23 Bytes [45, FC, 8B, 4D, F4, 8B, 55, ...]
PAGE ntoskrnl.exe!ExAcquireRundownProtection + 3B 8056BAAC 78 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!ExReleaseRundownProtection + 4A 8056BAFB 90 Bytes [F9, 8B, DA, 89, 7D, F8, 8B, ...]
PAGE ntoskrnl.exe!ExReleaseRundownProtection + A5 8056BB56 22 Bytes CALL 8067B00D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ExReleaseRundownProtection + BC 8056BB6D 474 Bytes CALL 80564B3E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlFreeHeap + 43 8056BD48 247 Bytes [FE, 01, 00, 00, F6, 43, 05, ...]
PAGE ntoskrnl.exe!RtlFreeHeap + 13B 8056BE40 45 Bytes [56, 0C, 8D, 4E, 08, 8B, 01, ...]
PAGE ntoskrnl.exe!RtlFreeHeap + 169 8056BE6E 15 Bytes [C1, 83, E1, 07, B2, 01, C1, ...] {ROL DWORD [EBX+0x1b207e1], 0xc1; CALL 0xffffffff8de2d20f; TEST [EAX], BL; POP EAX}
PAGE ntoskrnl.exe!RtlFreeHeap + 179 8056BE7E 11 Bytes [00, 00, 30, 10, 8A, 46, 05, ...]
PAGE ntoskrnl.exe!RtlFreeHeap + 185 8056BE8A 2 Bytes [14, 09] {ADC AL, 0x9}
PAGE ...
PAGE ntoskrnl.exe!ZwSetIoCompletion + 28 8056C18D 35 Bytes CALL 80564BE6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwSetIoCompletion + 4D 8056C1B2 90 Bytes CALL 804D904D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwSetIoCompletion + A8 8056C20D 43 Bytes [78, 0C, 89, 7D, D0, 8B, 58, ...]
PAGE ntoskrnl.exe!ZwSetIoCompletion + D4 8056C239 76 Bytes [90, 90, 90, 90, 90, 6A, 14, ...]
PAGE ntoskrnl.exe!IoSetIoCompletion + 48 8056C286 61 Bytes [4D, 10, 89, 48, 10, 8B, 4D, ...]
PAGE ntoskrnl.exe!NtSetInformationThread + 15 8056C2C5 7 Bytes [89, 45, DC, 8A, 80, 40, 01]
PAGE ntoskrnl.exe!NtSetInformationThread + 1D 8056C2CD 38 Bytes [00, 88, 45, E4, 84, C0, 0F, ...]
PAGE ntoskrnl.exe!NtSetInformationThread + 44 8056C2F4 11 Bytes [2B, C7, C7, 45, D8, 04, 00, ...]
PAGE ntoskrnl.exe!NtSetInformationThread + 50 8056C300 19 Bytes [8B, 75, 10, 85, DB, 74, 23, ...] {MOV ESI, [EBP+0x10]; TEST EBX, EBX; JZ 0x2a; MOV EAX, [EBP-0x28]; DEC EAX; TEST ESI, EAX; JNZ 0x8c79a}
PAGE ntoskrnl.exe!NtSetInformationThread + 64 8056C314 9 Bytes [04, 1E, 3B, C6, 0F, 82, 28, ...]
PAGE ...
PAGE ntoskrnl.exe!PsAssignImpersonationToken + 3A 8056C3FA 57 Bytes [8B, 77, 20, 3B, F3, 74, 4B, ...]
PAGE ntoskrnl.exe!PsAssignImpersonationToken + 74 8056C434 8 Bytes [83, 4D, FC, FF, 8D, 8F, 34, ...]
PAGE ntoskrnl.exe!PsAssignImpersonationToken + 7D 8056C43D 22 Bytes CALL 8056BAB0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!PsAssignImpersonationToken + 94 8056C454 9 Bytes [C2, 08, 00, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!PsRevertThreadToSelf + 2 8056C45E 6 Bytes [55, 8B, EC, 51, 53, 57] {PUSH EBP; MOV EBP, ESP; PUSH ECX; PUSH EBX; PUSH EDI}
PAGE ntoskrnl.exe!PsRevertThreadToSelf + 9 8056C465 22 Bytes [7D, 08, 8D, 9F, 48, 02, 00, ...]
PAGE ntoskrnl.exe!PsRevertThreadToSelf + 22 8056C47E 5 Bytes [F0, FF, 8E, D4, 00]
PAGE ntoskrnl.exe!PsRevertThreadToSelf + 29 8056C485 16 Bytes [8D, 87, 38, 02, 00, 00, 89, ...]
PAGE ntoskrnl.exe!PsRevertThreadToSelf + 3A 8056C496 188 Bytes [8B, 4D, 08, BA, 02, 00, 00, ...]
PAGE ntoskrnl.exe!PsImpersonateClient + 4A 8056C553 100 Bytes [75, 18, FF, 75, 0C, 57, E8, ...]
PAGE ntoskrnl.exe!PsImpersonateClient + AF 8056C5B8 68 Bytes [00, 8B, 4D, 08, BA, 02, 00, ...]
PAGE ntoskrnl.exe!PsImpersonateClient + F4 8056C5FD 35 Bytes [75, F4, 89, 75, 14, B8, 02, ...]
PAGE ntoskrnl.exe!PsImpersonateClient + 118 8056C621 72 Bytes [75, 0B, 8D, 47, 34, 39, 00, ...]
PAGE ntoskrnl.exe!PsImpersonateClient + 161 8056C66A 9 Bytes [33, DB, 8B, 51, 24, F7, C2, ...]
PAGE ...
PAGE ntoskrnl.exe!MmUnmapViewOfSection + 2 8056C6AF 4 Bytes [55, 8B, EC, 6A]
PAGE ntoskrnl.exe!MmUnmapViewOfSection + 7 8056C6B4 65 Bytes [FF, 75, 0C, FF, 75, 08, E8, ...]
PAGE ntoskrnl.exe!ZwSetEventBoostPriority + 2F 8056C6F7 57 Bytes [8B, F8, 85, FF, 7C, 1D, 56, ...]
PAGE ntoskrnl.exe!ZwSetEventBoostPriority + 69 8056C731 17 Bytes [53, 56, 57, 33, FF, 89, 7D, ...]
PAGE ntoskrnl.exe!ZwSetEventBoostPriority + 7B 8056C743 15 Bytes [C6, 45, FF, 00, C6, 45, F1, ...]
PAGE ntoskrnl.exe!ZwSetEventBoostPriority + 8B 8056C753 68 Bytes [C6, 45, EB, 00, 89, 7D, EC, ...]
PAGE ntoskrnl.exe!ZwSetEventBoostPriority + D0 8056C798 3 Bytes [9D, 7C, FF] {POPF ; JL 0x2}
PAGE ...
PAGE ntoskrnl.exe!SeAssignSecurity 8056CD63 165 Bytes [8B, FF, 55, 8B, EC, 8B, 4D, ...]
PAGE ntoskrnl.exe!SeAssignSecurity + A6 8056CE09 67 Bytes [00, 0F, 85, 26, D2, 01, 00, ...]
PAGE ntoskrnl.exe!SeAssignSecurity + EA 8056CE4D 148 Bytes [00, 80, 8B, 4D, 40, 89, 19, ...]
PAGE ntoskrnl.exe!RtlValidSid + 76 8056CEE2 78 Bytes [50, 68, 8B, 48, 64, 8B, 0C, ...]
PAGE ntoskrnl.exe!RtlLengthSecurityDescriptor + 30 8056CF31 47 Bytes [85, 0B, 00, 00, 00, 83, E0, ...]
PAGE ntoskrnl.exe!RtlLengthSecurityDescriptor + 61 8056CF62 39 Bytes [1E, 66, 85, F6, 8B, 51, 10, ...]
PAGE ntoskrnl.exe!RtlLengthSecurityDescriptor + 89 8056CF8A 91 Bytes [5E, 5B, 5D, C2, 04, 00, 90, ...]
PAGE ntoskrnl.exe!RtlCreateAcl + 51 8056CFE6 106 Bytes [90, 8B, FF, 55, 8B, EC, 33, ...]
PAGE ntoskrnl.exe!SeReleaseSecurityDescriptor + 6A 8056D051 58 Bytes [56, 8B, 75, 08, 0F, 84, 07, ...]
PAGE ntoskrnl.exe!SeReleaseSecurityDescriptor + A8 8056D08F 246 Bytes [90, 8B, FF, 55, 8B, EC, 83, ...]
PAGE ntoskrnl.exe!ObLogSecurityDescriptor + F6 8056D186 64 Bytes [00, 33, C0, 5F, 5E, 5B, C9, ...]
PAGE ntoskrnl.exe!ObLogSecurityDescriptor + 137 8056D1C7 128 Bytes [00, 90, 90, 90, 90, 90, 8B, ...]
PAGE ntoskrnl.exe!ObAssignSecurity + 5D 8056D249 33 Bytes [00, 8B, F0, 85, F6, 0F, 8C, ...]
PAGE ntoskrnl.exe!ObAssignSecurity + 7F 8056D26B 71 Bytes [FF, FF, 39, 5D, F8, 89, 45, ...]
PAGE ntoskrnl.exe!ObAssignSecurity + C7 8056D2B3 73 Bytes [00, 39, 5D, D4, 0F, 85, 21, ...]
PAGE ntoskrnl.exe!ObAssignSecurity + 111 8056D2FD 70 Bytes [8B, 7D, 0C, 57, 8B, F0, E8, ...]
PAGE ntoskrnl.exe!ObAssignSecurity + 158 8056D344 48 Bytes [4D, 83, 65, 08, 00, 66, 83, ...]
PAGE ...
PAGE ntoskrnl.exe!SeTokenImpersonationLevel + 45 8056D8C7 125 Bytes CALL 805702B5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!PsLookupProcessThreadByCid + 65 8056D946 17 Bytes [C0, 74, 39, 80, 3F, 06, 0F, ...]
PAGE ntoskrnl.exe!PsLookupProcessThreadByCid + 77 8056D958 31 Bytes [8B, 4D, 08, 3B, 01, 0F, 85, ...]
PAGE ntoskrnl.exe!PsLookupProcessThreadByCid + 97 8056D978 22 Bytes [85, C0, 0F, 85, C6, 22, 02, ...]
PAGE ntoskrnl.exe!PsLookupProcessThreadByCid + AF 8056D990 184 Bytes [8B, 81, 08, 02, 00, 00, A8, ...]
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + 29 8056DA49 127 Bytes [64, A1, 24, 01, 00, 00, 8A, ...]
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + A9 8056DAC9 76 Bytes [83, 4D, FC, FF, 8B, 85, 78, ...]
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + F6 8056DB16 24 Bytes [75, C4, FF, 35, 08, AC, 55, ...]
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + 10F 8056DB2F 21 Bytes [0F, BF, 85, 76, FF, FF, FF, ...]
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + 125 8056DB45 22 Bytes [10, 03, 00, 0F, BF, 95, 74, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlLookupAtomInAtomTable + 74 8056DE41 13 Bytes [74, 07, 66, 8B, 4E, 06, 66, ...] {JZ 0x9; MOV CX, [ESI+0x6]; MOV [EAX], CX; OR DWORD [EBP-0x4], -0x1}
PAGE ntoskrnl.exe!RtlLookupAtomInAtomTable + 82 8056DE4F 101 Bytes CALL 80566E00 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!PsLookupThreadByThreadId + 1F 8056DEB5 3 Bytes CALL 80566A34 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!PsLookupThreadByThreadId + 24 8056DEBA 83 Bytes [D8, 85, DB, C7, 45, 08, 0D, ...]
PAGE ntoskrnl.exe!PsLookupThreadByThreadId + 78 8056DF0E 27 Bytes [90, 90, 10, 00, 12, 00, 18, ...]
PAGE ntoskrnl.exe!PsLookupThreadByThreadId + 94 8056DF2A 1 Byte [32]
PAGE ntoskrnl.exe!PsLookupThreadByThreadId + 94 8056DF2A 193 Bytes JMP 80568239 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlDissectName + 17 8056DFEC 175 Bytes [39, 66, 89, 79, 02, 89, 79, ...]
PAGE ntoskrnl.exe!RtlDeleteAtomFromAtomTable + 37 8056E09C 39 Bytes [8B, C6, 25, FF, 3F, 00, 00, ...]
PAGE ntoskrnl.exe!RtlDeleteAtomFromAtomTable + 5F 8056E0C4 81 Bytes [66, FF, 48, 08, 66, 39, 58, ...]
PAGE ntoskrnl.exe!RtlDeleteAtomFromAtomTable + B1 8056E116 11 Bytes [0F, 94, C0, 8D, 04, 85, 04, ...] {SETZ AL; LEA EAX, [EAX*4+0x4]; PUSH EAX}
PAGE ntoskrnl.exe!RtlDeleteAtomFromAtomTable + BD 8056E122 24 Bytes CALL 8058CE37 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlDeleteAtomFromAtomTable + D6 8056E13B 13 Bytes CALL F5561CC3
PAGE ...
PAGE ntoskrnl.exe!ZwOpenSection + 17 8056E21A 24 Bytes [00, 88, 45, DC, 33, C9, 3A, ...]
PAGE ntoskrnl.exe!ZwOpenSection + 30 8056E233 15 Bytes [3B, F0, 0F, 83, 23, 1F, 08, ...]
PAGE ntoskrnl.exe!ZwOpenSection + 40 8056E243 9 Bytes [8D, 45, E4, 50, 51, FF, 75, ...] {LEA EAX, [EBP-0x1c]; PUSH EAX; PUSH ECX; PUSH DWORD [EBP+0xc]; PUSH ECX}
PAGE ntoskrnl.exe!ZwOpenSection + 4A 8056E24D 7 Bytes [75, DC, FF, 35, 40, F9, 55]
PAGE ntoskrnl.exe!ZwOpenSection + 52 8056E255 98 Bytes CALL 8056858C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ZwFlushInstructionCache + 5C 8056E486 68 Bytes [0F, 85, 7B, 0E, 04, 00, 3B, ...]
PAGE ntoskrnl.exe!ZwFlushInstructionCache + A1 8056E4CB 262 Bytes [A5, 00, 00, C0, 32, C0, E9, ...]
PAGE ntoskrnl.exe!CcSetLogHandleForFile + C5 8056E5D2 17 Bytes JMP 805707E4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!CcSetLogHandleForFile + D7 8056E5E4 39 Bytes [00, 75, 0B, 8D, 48, 34, 39, ...]
PAGE ntoskrnl.exe!SeQueryAuthenticationIdToken + B 8056E60C 46 Bytes [00, FF, 88, D4, 00, 00, 00, ...]
PAGE ntoskrnl.exe!SeQueryAuthenticationIdToken + 3B 8056E63C 19 Bytes [FF, 80, D4, 00, 00, 00, 5E, ...]
PAGE ntoskrnl.exe!SeQueryAuthenticationIdToken + 4F 8056E650 41 Bytes [33, C0, 5D, C2, 08, 00, 8B, ...]
PAGE ntoskrnl.exe!SeQueryAuthenticationIdToken + 7A 8056E67B 17 Bytes JMP 8056A49F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SeQueryAuthenticationIdToken + 13F 8056E740 74 Bytes [15, 74, 76, 4D, 80, 8B, 56, ...]
PAGE ...
PAGE ntoskrnl.exe!SeSetAccessStateGenericMapping + 25 8056F118 58 Bytes [FF, 8B, 71, 04, 3B, 35, 1C, ...]
PAGE ntoskrnl.exe!SeSetAccessStateGenericMapping + 60 8056F153 3 Bytes [0F, B7, D0] {MOVZX EDX, AX}
PAGE ntoskrnl.exe!SeSetAccessStateGenericMapping + 64 8056F157 22 Bytes [4D, E0, 8B, 4B, 04, D1, EA, ...]
PAGE ntoskrnl.exe!SeSetAccessStateGenericMapping + 7B 8056F16E 145 Bytes JMP 80564471 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlAreNamesEqual + 67 8056F200 23 Bytes [00, FF, 45, 10, 46, 46, 39, ...]
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock 8056F219 3 Bytes [8B, FF, 55] {MOV EDI, EDI; PUSH EBP}
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 4 8056F21D 19 Bytes [EC, 8B, 4D, 08, 8B, 09, 32, ...]
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 18 8056F231 28 Bytes [66, 3D, F8, 00, 0F, 83, BB, ...]
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 35 8056F24E 4 Bytes JMP 80577CAC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 3B 8056F254 36 Bytes JMP 80577CE7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!IoCreateFile + 21 8056F4CC 57 Bytes [75, 3C, FF, 75, 38, FF, 75, ...]
PAGE ntoskrnl.exe!IoCreateFile + 5B 8056F506 84 Bytes [38, 00, 90, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!IoCreateFile + B0 8056F55B 70 Bytes JMP 805654D6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtOpenFile + 7 8056F5A2 56 Bytes [50, 50, 50, 50, 50, FF, 75, ...]
PAGE ntoskrnl.exe!NtOpenFile + 40 8056F5DB 118 Bytes [83, FF, 02, 0F, 84, 2C, FD, ...]
PAGE ntoskrnl.exe!NtCreateFile + 52 8056F652 126 Bytes JMP 80564330 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoSetShareAccess + 2 8056F6D1 32 Bytes [55, 8B, EC, 51, 8B, 4D, 08, ...]
PAGE ntoskrnl.exe!IoSetShareAccess + 23 8056F6F2 32 Bytes [10, 43, 22, CB, F6, 40, 2E, ...]
PAGE ntoskrnl.exe!IoSetShareAccess + 44 8056F713 90 Bytes [4D, 0C, 8A, D1, 22, D3, 88, ...]
PAGE ntoskrnl.exe!IoSetShareAccess + 9F 8056F76E 6 Bytes [55, 8B, EC, 80, 7D, 10]
PAGE ntoskrnl.exe!IoSetShareAccess + A6 8056F775 82 Bytes [53, 56, 57, 0F, 84, 8D, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!NtQueryVolumeInformationFile + 44 8056F887 31 Bytes [00, 0F, B6, C0, 39, 45, 14, ...]
PAGE ntoskrnl.exe!NtQueryVolumeInformationFile + 64 8056F8A7 4 Bytes [8B, 07, 89, 07] {MOV EAX, [EDI]; MOV [EDI], EAX}
PAGE ntoskrnl.exe!NtQueryVolumeInformationFile + 69 8056F8AC 43 Bytes [47, 04, 89, 47, 04, 6A, 04, ...]
PAGE ntoskrnl.exe!NtQueryVolumeInformationFile + 95 8056F8D8 137 Bytes CALL 80564BE5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtQueryVolumeInformationFile + 11F 8056F962 85 Bytes [4D, 10, 89, 11, 8B, 76, 20, ...]
PAGE ...
PAGE ntoskrnl.exe!NtCreateEvent + C 8056FDC6 4 Bytes [64, A1, 24, 01]
PAGE ntoskrnl.exe!NtCreateEvent + 12 8056FDCC 7 Bytes [8A, 80, 40, 01, 00, 00, 88]
PAGE ntoskrnl.exe!NtCreateEvent + 1A 8056FDD4 66 Bytes [E0, 33, DB, 3A, C3, 0F, 84, ...]
PAGE ntoskrnl.exe!NtCreateEvent + 5D 8056FE17 55 Bytes [10, FF, 35, 40, 26, 56, 80, ...]
PAGE ntoskrnl.exe!NtCreateEvent + 96 8056FE50 6 Bytes [0C, 53, 51, E8, E2, 51]
PAGE ...
PAGE ntoskrnl.exe!CcMapData + 1F 8056FEB2 9 Bytes [00, C1, EF, 0C, 64, A1, 24, ...]
PAGE ntoskrnl.exe!CcMapData + 29 8056FEBC 25 Bytes [8B, F0, 89, 75, D0, 8B, 86, ...]
PAGE ntoskrnl.exe!CcMapData + 43 8056FED6 14 Bytes [14, 83, E0, 01, 89, 45, D8, ...]
PAGE ntoskrnl.exe!CcMapData + 52 8056FEE5 3 Bytes [B0, 72, 55] {MOV AL, 0x72; PUSH EBP}
PAGE ntoskrnl.exe!CcMapData + 56 8056FEE9 9 Bytes [C7, 05, 28, CB, 54, 80, A8, ...]
PAGE ...
PAGE ntoskrnl.exe!CcUnpinData + 59 8056FFC6 30 Bytes [D1, EB, 89, 9E, 40, 02, 00, ...]
PAGE ntoskrnl.exe!CcUnpinData + 7A 8056FFE7 28 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!CcUnpinData + 97 80570004 29 Bytes [DE, 20, F7, FF, 3B, C3, 0F, ...]
PAGE ntoskrnl.exe!CcUnpinData + B5 80570022 93 Bytes [FF, 55, 8B, EC, 8B, 55, 08, ...]
PAGE ntoskrnl.exe!RtlInitializeBitMap + 1E 80570080 63 Bytes [55, 8B, EC, 8B, 45, 0C, 8B, ...]
PAGE ntoskrnl.exe!RtlInitializeBitMap + 5E 805700C0 9 Bytes [C1, E0, 04, 03, 04, 8A, 5D, ...]
PAGE ntoskrnl.exe!RtlInitializeBitMap + 68 805700CA 62 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!RtlInitializeBitMap + A7 80570109 4 Bytes [0E, 7C, 2C, 57] {PUSH CS; JL 0x2f; PUSH EDI}
PAGE ntoskrnl.exe!RtlInitializeBitMap + AC 8057010E 5 Bytes [75, 20, FF, 75, 1C] {JNZ 0x22; PUSH DWORD [EBP+0x1c]}
PAGE ...
PAGE ntoskrnl.exe!NtOpenThreadTokenEx + 33 80570176 36 Bytes [0F, 85, E7, 07, 09, 00, 3A, ...]
PAGE ntoskrnl.exe!NtOpenThreadTokenEx + 58 8057019B 6 Bytes [89, 5D, 14, 8D, 45, D8] {MOV [EBP+0x14], EBX; LEA EAX, [EBP-0x28]}
PAGE ntoskrnl.exe!NtOpenThreadTokenEx + 60 805701A3 11 Bytes [45, D4, 50, 8D, 45, E7, 50, ...] {INC EBP; AAM 0x50; LEA EAX, [EBP-0x19]; PUSH EAX; LEA EAX, [EBP-0x38]; PUSH EAX}
PAGE ntoskrnl.exe!NtOpenThreadTokenEx + 6C 805701AF 3 Bytes [45, CC, 50] {INC EBP; INT 3 ; PUSH EAX}
PAGE ntoskrnl.exe!NtOpenThreadTokenEx + 70 805701B3 32 Bytes [75, 10, FF, 75, 08, E8, 12, ...]
PAGE ntoskrnl.exe!NtOpenThreadToken + 2 805701D4 11 Bytes [55, 8B, EC, FF, 75, 14, 6A, ...] {PUSH EBP; MOV EBP, ESP; PUSH DWORD [EBP+0x14]; PUSH 0x0; PUSH DWORD [EBP+0x10]}
PAGE ntoskrnl.exe!NtOpenThreadToken + E 805701E0 4 Bytes [75, 0C, FF, 75]
PAGE ntoskrnl.exe!NtOpenThreadToken + 13 805701E5 30 Bytes CALL 80570143 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtOpenThreadToken + 32 80570204 27 Bytes [71, 09, 09, 00, 8B, 75, 10, ...]
PAGE ntoskrnl.exe!NtOpenThreadToken + 4E 80570220 47 Bytes [08, 75, 1D, 8A, 06, 84, C0, ...]
PAGE ...
PAGE ntoskrnl.exe!ObOpenObjectByPointer + 12 805702C8 4 Bytes [75, 1C, 33, FF] {JNZ 0x1e; XOR EDI, EDI}
PAGE ntoskrnl.exe!ObOpenObjectByPointer + 17 805702CD 5 Bytes [75, 18, 89, 7D, FC] {JNZ 0x1a; MOV [EBP-0x4], EDI}
PAGE ntoskrnl.exe!ObOpenObjectByPointer + 1D 805702D3 16 Bytes CALL 804E9FC0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ObOpenObjectByPointer + 2E 805702E4 6 Bytes [45, 10, 3B, C7, 75, 28]
PAGE ntoskrnl.exe!ObOpenObjectByPointer + 35 805702EB 7 Bytes [43, F0, 83, C0, 68, 50, FF]
PAGE ...
PAGE ntoskrnl.exe!NtQueryInformationProcess + A 8057037A 9 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtQueryInformationProcess + 14 80570384 5 Bytes [00, 8A, 80, 40, 01]
PAGE ntoskrnl.exe!NtQueryInformationProcess + 1A 8057038A 11 Bytes [00, 88, 45, E4, 84, C0, 0F, ...]
PAGE ntoskrnl.exe!NtQueryInformationProcess + 26 80570396 3 Bytes [83, 65, FC]
PAGE ntoskrnl.exe!NtQueryInformationProcess + 2A 8057039A 186 Bytes [6A, 04, 8B, 7D, 14, 57, 8B, ...]
PAGE ntoskrnl.exe!NtSetInformationProcess + 14 80570455 191 Bytes [00, 8B, F0, 8A, 86, 40, 01, ...]
PAGE ntoskrnl.exe!NtSetInformationProcess + D4 80570515 194 Bytes [50, FF, 75, E4, FF, 35, 58, ...]
PAGE ntoskrnl.exe!NtSetInformationProcess + 197 805705D8 121 Bytes [16, 0F, 87, 7D, C6, 09, 00, ...]
PAGE ntoskrnl.exe!NtSetInformationProcess + 211 80570652 181 Bytes [5B, 5D, C2, 04, 00, 90, 90, ...]
PAGE ntoskrnl.exe!NtSetInformationProcess + 2C7 80570708 45 Bytes JMP 8056F6BF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtOpenProcessToken + 1 80570736 72 Bytes [FF, 55, 8B, EC, FF, 75, 10, ...]
PAGE ntoskrnl.exe!RtlCompareUnicodeString + 2D 80570780 169 Bytes [89, 45, FC, 0F, 84, B1, A3, ...]
PAGE ntoskrnl.exe!RtlCompareUnicodeString + D7 8057082A 35 Bytes [66, 83, FA, 61, 0F, 82, B4, ...]
PAGE ntoskrnl.exe!RtlCompareUnicodeString + FB 8057084E 26 Bytes [0F, B7, C9, 3B, D1, 0F, 84, ...]
PAGE ntoskrnl.exe!RtlCompareUnicodeString + 116 80570869 61 Bytes [F1, C1, EE, 08, 0F, B7, 34, ...]
PAGE ntoskrnl.exe!RtlCompareUnicodeString + 154 805708A7 101 Bytes [00, 8B, 45, 10, 53, 8B, 5D, ...]
PAGE ...
PAGE ntoskrnl.exe!NtOpenProcessTokenEx + 33 80570961 9 Bytes [5D, FC, 8B, 7D, 14, A1, D4, ...]
PAGE ntoskrnl.exe!NtOpenProcessTokenEx + 3D 8057096B 72 Bytes [3B, F8, 0F, 83, 89, FF, 08, ...]
PAGE ntoskrnl.exe!NtOpenProcessTokenEx + 86 805709B4 72 Bytes [3B, F3, 7C, 10, C7, 45, FC, ...]
PAGE ntoskrnl.exe!NtOpenProcessTokenEx + CF 805709FD 1 Byte [04]
PAGE ntoskrnl.exe!NtOpenProcessTokenEx + CF 805709FD 9 Bytes [04, 00, 00, FF, 75, 08, E8, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwQueryVirtualMemory + 82 80570AAE 10 Bytes [FF, FF, BE, 00, 00, FE, 7F, ...]
PAGE ntoskrnl.exe!ZwQueryVirtualMemory + 8D 80570AB9 81 Bytes [FF, 3B, C2, 0F, 83, AA, D0, ...]
PAGE ntoskrnl.exe!ZwQueryVirtualMemory + DF 80570B0B 52 Bytes [20, 0F, 85, F3, 2B, 08, 00, ...]
PAGE ntoskrnl.exe!ZwQueryVirtualMemory + 114 80570B40 110 Bytes [00, C7, 45, E4, 01, 00, 00, ...]
PAGE ntoskrnl.exe!ZwQueryVirtualMemory + 183 80570BAF 111 Bytes [83, 7D, 10, 03, 0F, 84, AA, ...]
PAGE ...
PAGE ntoskrnl.exe!NtQueryInformationToken + 2 80570EA1 54 Bytes [01, 00, 00, 68, 28, C6, 4E, ...]
PAGE ntoskrnl.exe!NtQueryInformationToken + 39 80570ED8 13 Bytes [5D, 18, A1, D4, FB, 55, 80, ...]
PAGE ntoskrnl.exe!NtQueryInformationToken + 47 80570EE6 21 Bytes [00, 8B, 03, 89, 03, 83, 4D, ...]
PAGE ntoskrnl.exe!NtQueryInformationToken + 5D 80570EFC 69 Bytes [02, 00, FF, 24, 85, BB, 1D, ...]
PAGE ntoskrnl.exe!NtQueryInformationToken + A3 80570F42 3 Bytes [46, 68, 8B]
PAGE ...
PAGE ntoskrnl.exe!ZwCreateKey + C 80572EA9 28 Bytes [F5, F6, FF, 33, DB, 89, 5D, ...]
PAGE ntoskrnl.exe!ZwCreateKey + 29 80572EC6 75 Bytes [0F, 85, DD, 7B, 09, 00, 80, ...]
PAGE ntoskrnl.exe!ZwCreateKey + 75 80572F12 72 Bytes [8B, 0A, 89, 4D, 90, 8B, 52, ...]
PAGE ntoskrnl.exe!ZwCreateKey + BE 80572F5B 8 Bytes [A1, D4, FB, 55, 80, 8B, 4D, ...] {MOV EAX, [0x8055fbd4]; MOV ECX, [EBP+0x10]}
PAGE ntoskrnl.exe!ZwCreateKey + C7 80572F64 20 Bytes [C8, 0F, 83, 05, 7C, 09, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwQueryKey + 7 805732B4 4 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwQueryKey + C 805732B9 299 Bytes [33, FF, 89, 7D, E0, 39, 3D, ...]
PAGE ntoskrnl.exe!ZwQueryKey + 138 805733E5 1 Byte [38]
PAGE ntoskrnl.exe!ZwQueryKey + 138 805733E5 48 Bytes [38, FF, FF, C3, 90, 90, 90, ...]
PAGE ntoskrnl.exe!ZwQueryKey + 169 80573416 31 Bytes [55, 8B, EC, 53, 8B, 5D, 0C, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 62 Bytes [6A, 54, 68, 60, C8, 4E, 80, ...]
PAGE ntoskrnl.exe!ZwEnumerateKey + 3F 805735E3 21 Bytes [45, DC, 50, FF, 75, D0, FF, ...]
PAGE ntoskrnl.exe!ZwEnumerateKey + 55 805735F9 72 Bytes [89, 45, E4, 3B, C6, 7C, 7D, ...]
PAGE ntoskrnl.exe!ZwEnumerateKey + 9E 80573642 30 Bytes [FC, FF, 33, DB, 39, 5D, E4, ...]
PAGE ntoskrnl.exe!ZwEnumerateKey + BD 80573661 26 Bytes [75, 14, FF, 75, 10, FF, 75, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlAllocateHeap + 5 80573707 37 Bytes [68, B8, 6E, 4E, 80, E8, 3A, ...]
PAGE ntoskrnl.exe!RtlAllocateHeap + 2B 8057372D 23 Bytes [01, 3C, 0F, 85, 13, A8, 08, ...]
PAGE ntoskrnl.exe!RtlAllocateHeap + 43 80573745 27 Bytes [C9, 0F, 84, 16, A5, 08, 00, ...]
PAGE ntoskrnl.exe!RtlAllocateHeap + 5F 80573761 32 Bytes [A8, 01, 0F, 84, FF, A4, 08, ...]
PAGE ntoskrnl.exe!RtlAllocateHeap + 80 80573782 67 Bytes [85, 5F, 02, 00, 00, 8B, 4D, ...]
PAGE ...
PAGE ntoskrnl.exe!NtAddAtom + 32 80573C30 41 Bytes [FF, FF, 85, C0, 0F, 84, 7F, ...]
PAGE ntoskrnl.exe!NtAddAtom + 5C 80573C5A 1 Byte [FF]
PAGE ntoskrnl.exe!NtAddAtom + 5C 80573C5A 157 Bytes [FF, 8B, 8D, 54, FF, FF, FF, ...]
PAGE ntoskrnl.exe!NtAddAtom + FA 80573CF8 69 Bytes JMP 0BFD2FFF
PAGE ntoskrnl.exe!NtAddAtom + 140 80573D3E 14 Bytes [FF, FF, 00, 0F, 84, 82, 4D, ...]
PAGE ...
PAGE ntoskrnl.exe!NtDuplicateObject + 31 8057401A 10 Bytes [55, 80, 3B, F0, 0F, 83, DF, ...] {PUSH EBP; CMP BYTE [EBX], 0xf0; JAE 0x80de9}
PAGE ntoskrnl.exe!NtDuplicateObject + 3C 80574025 65 Bytes [06, 89, 06, 89, 1E, 83, 4D, ...]
PAGE ntoskrnl.exe!NtDuplicateObject + 7E 80574067 48 Bytes CALL 80564BE5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtDuplicateObject + AF 80574098 11 Bytes CALL 80573E59 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtDuplicateObject + BB 805740A4 47 Bytes [10, C7, 45, FC, 01, 00, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!SeSinglePrivilegeCheck + 5D 805741C3 17 Bytes [FF, 8A, 45, 0C, C9, C2, 0C, ...]
PAGE ntoskrnl.exe!NtOpenProcess + 5 805741D5 51 Bytes CALL 68D7907A
PAGE ntoskrnl.exe!NtOpenProcess + 39 80574209 11 Bytes [8B, 4D, 08, 3B, C8, 0F, 83, ...] {MOV ECX, [EBP+0x8]; CMP ECX, EAX; JAE 0x8431d}
PAGE ntoskrnl.exe!NtOpenProcess + 45 80574215 69 Bytes [01, 89, 01, 8B, 5D, 10, F6, ...]
PAGE ntoskrnl.exe!NtOpenProcess + 8B 8057425B 53 Bytes [01, 89, 45, D4, 8B, 41, 04, ...]
PAGE ntoskrnl.exe!NtOpenProcess + C1 80574291 238 Bytes CALL 805641C1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!PsLookupProcessByProcessId + 29 80574380 20 Bytes [08, 0D, 00, 00, C0, 74, 32, ...]
PAGE ntoskrnl.exe!PsLookupProcessByProcessId + 3F 80574396 153 Bytes CALL 804EA02D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!PsLookupProcessByProcessId + D9 80574430 28 Bytes [7C, 1F, FF, 81, CF, FF, 0F, ...]
PAGE ntoskrnl.exe!PsLookupProcessByProcessId + F7 8057444E 14 Bytes [89, 4D, A4, FF, 15, 8C, 76, ...]
PAGE ntoskrnl.exe!PsLookupProcessByProcessId + 106 8057445D 24 Bytes [20, 0F, 85, CF, ED, 07, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwProtectVirtualMemory + 33 805745B2 22 Bytes [00, 88, 45, D4, 84, C0, 0F, ...]
PAGE ntoskrnl.exe!ZwProtectVirtualMemory + 4A 805745C9 154 Bytes [3B, F8, 0F, 83, B1, EE, 07, ...]
PAGE ntoskrnl.exe!ZwProtectVirtualMemory + E5 80574664 21 Bytes [DC, 50, FF, 75, E4, E8, 8D, ...]
PAGE ntoskrnl.exe!ZwProtectVirtualMemory + FC 8057467B 12 Bytes CALL 804D904D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory + 10A 80574689 28 Bytes [00, 80, 7D, D4, 00, 74, 33, ...]
PAGE ...
PAGE ntoskrnl.exe!SeFreePrivileges + 7 80574855 55 Bytes CALL 8054B584 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SeCaptureSecurityDescriptor + 27 8057488D 26 Bytes [00, 80, 7D, 0C, 00, 0F, 84, ...]
PAGE ntoskrnl.exe!SeCaptureSecurityDescriptor + 42 805748A8 12 Bytes [A1, D4, FB, 55, 80, 3B, D8, ...]
PAGE ntoskrnl.exe!SeCaptureSecurityDescriptor + 4F 805748B5 118 Bytes [6A, 05, 59, 8B, F3, 8D, BD, ...]
PAGE ntoskrnl.exe!SeCaptureSecurityDescriptor + C6 8057492C 32 Bytes [FF, FF, FF, F6, C1, 04, 0F, ...]
PAGE ntoskrnl.exe!SeCaptureSecurityDescriptor + E7 8057494D 67 Bytes [66, 25, FF, 7F, 66, 89, 85, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlAnsiCharToUnicodeChar + C 80574D3C 117 Bytes [53, 56, 8B, 75, 08, 8B, 06, ...]
PAGE ntoskrnl.exe!RtlAnsiCharToUnicodeChar + 82 80574DB2 80 Bytes [84, D1, 88, 09, 00, 3B, F2, ...]
PAGE ntoskrnl.exe!RtlAnsiCharToUnicodeChar + D3 80574E03 12 Bytes [64, A1, 24, 01, 00, 00, 8B, ...] {MOV EAX, FS:[0x124]; MOV EAX, [EBP+0xc]; MOV [EBP-0x24], EAX}
PAGE ntoskrnl.exe!RtlAnsiCharToUnicodeChar + E0 80574E10 2 Bytes [45, 14]
PAGE ntoskrnl.exe!RtlAnsiCharToUnicodeChar + E3 80574E13 46 Bytes [45, D0, B8, 00, 00, 01, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!SeImpersonateClientEx + 4 80575022 149 Bytes [EC, 8B, 4D, 08, 80, 79, 10, ...]
PAGE ntoskrnl.exe!SeImpersonateClientEx + 9B 805750B9 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP }
PAGE ntoskrnl.exe!RtlLengthRequiredSid + 1 805750BD 10 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
PAGE ntoskrnl.exe!RtlLengthRequiredSid + C 805750C8 4 Bytes [00, 00, 00, 5D]
PAGE ntoskrnl.exe!RtlLengthRequiredSid + 11 805750CD 66 Bytes [04, 00, 90, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!RtlLengthRequiredSid + 54 80575110 4 Bytes [80, 7D, 10, 00] {CMP BYTE [EBP+0x10], 0x0}
PAGE ntoskrnl.exe!RtlLengthRequiredSid + 59 80575115 42 Bytes [5D, 08, C6, 46, 10, 01, 0F, ...]
PAGE ...
PAGE ntoskrnl.exe!SeCreateClientSecurity + 9C 805751EC 95 Bytes [FF, C7, 45, FC, 08, 00, 00, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurity + FC 8057524C 131 Bytes [00, 40, 8B, 0D, D4, FB, 55, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurity + 180 805752D0 21 Bytes CALL 805750B8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SeCreateClientSecurity + 196 805752E6 37 Bytes [FF, FF, 03, 0F, 85, 93, D4, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurity + 1BC 8057530C 2 Bytes [83, 4D]
PAGE ...
PAGE ntoskrnl.exe!ZwAccessCheck + 90 80575768 49 Bytes [53, FF, 75, D0, 6A, 01, 8D, ...]
PAGE ntoskrnl.exe!ZwAccessCheck + C2 8057579A 12 Bytes [5D, 94, 8D, 45, E0, 50, 53, ...] {POP EBP; XCHG ESP, EAX; LEA EAX, [EBP-0x20]; PUSH EAX; PUSH EBX; PUSH DWORD [EBP-0x28]; PUSH 0x2}
PAGE ntoskrnl.exe!ZwAccessCheck + CF 805757A7 35 Bytes [75, D4, 8D, 45, 80, 50, FF, ...]
PAGE ntoskrnl.exe!ZwAccessCheck + F3 805757CB 36 Bytes [0C, 53, FF, 75, E0, E8, 65, ...]
PAGE ntoskrnl.exe!ZwAccessCheck + 118 805757F0 27 Bytes [8D, 4D, AC, 51, 50, E8, 51, ...]
PAGE ...
PAGE ntoskrnl.exe!SePrivilegeObjectAuditAlarm + 1A 805760E0 5 Bytes [FF, 70, 08, FF, 30] {PUSH DWORD [EAX+0x8]; PUSH DWORD [EAX]}
PAGE ntoskrnl.exe!SePrivilegeObjectAuditAlarm + 20 805760E6 6 Bytes [75, 08, 68, 10, DF, 56]
PAGE ntoskrnl.exe!SePrivilegeObjectAuditAlarm + 27 805760ED 2 Bytes CALL 80576180 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SePrivilegeObjectAuditAlarm + 2C 805760F2 14 Bytes [5D, C2, 18, 00, 90, 90, 90, ...] {POP EBP; RET 0x18; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
PAGE ntoskrnl.exe!SeAppendPrivileges + 6 80576101 16 Bytes [51, 8B, 45, 08, 53, 8B, 58, ...] {PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; MOV EBX, [EAX+0x30]; MOV EDX, [EBX]; MOV ECX, [EDX]; PUSH ESI; MOV ESI, [EBP+0xc]}
PAGE ntoskrnl.exe!SeAppendPrivileges + 17 80576112 22 Bytes [06, 57, 8D, 3C, 01, 83, FF, ...]
PAGE ntoskrnl.exe!SeAppendPrivileges + 2E 80576129 171 Bytes [33, C0, 5F, 5E, 5B, C9, C2, ...]
PAGE ntoskrnl.exe!SeAppendPrivileges + DA 805761D5 65 Bytes [64, A1, 24, 01, 00, 00, 8B, ...]
PAGE ntoskrnl.exe!IoCreateFileSpecifyDeviceObjectHint + 2 80576217 37 Bytes [55, 8B, EC, 83, 7D, 40, 00, ...]
PAGE ntoskrnl.exe!IoCreateFileSpecifyDeviceObjectHint + 28 8057623D 92 Bytes [38, FF, 75, 34, FF, 75, 30, ...]
PAGE ntoskrnl.exe!IoCreateFileSpecifyDeviceObjectHint + 86 8057629B 10 Bytes [8F, 8B, FF, FF, C7, 43, 70, ...]
PAGE ntoskrnl.exe!IoCreateFileSpecifyDeviceObjectHint + 91 805762A6 1 Byte [E9]
PAGE ntoskrnl.exe!IoCreateFileSpecifyDeviceObjectHint + 91 805762A6 9 Bytes JMP 8056EE2E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!SeValidSecurityDescriptor + 1B 80576357 217 Bytes [0B, 4B, 03, 00, F6, 46, 03, ...]
PAGE ntoskrnl.exe!SeValidSecurityDescriptor + F5 80576431 44 Bytes [CF, 2B, C8, 83, F9, 08, 0F, ...]
PAGE ntoskrnl.exe!SeValidSecurityDescriptor + 122 8057645E 5 Bytes [0F, 85, D1, 49, 03]
PAGE ntoskrnl.exe!SeValidSecurityDescriptor + 128 80576464 8 Bytes [B0, 01, 5E, 5F, 5D, C2, 08, ...] {MOV AL, 0x1; POP ESI; POP EDI; POP EBP; RET 0x8}
PAGE ntoskrnl.exe!SeValidSecurityDescriptor + 132 8057646E 9 Bytes [90, 90, 90, 6A, 68, 68, 20, ...]
PAGE ntoskrnl.exe!NtReadFile + 7 80576478 84 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtReadFile + 5C 805764CD 9 Bytes [0F, 84, 27, AB, 01, 00, 89, ...] {JZ 0x1ab2d; MOV [EBP-0x4], ESI}
PAGE ntoskrnl.exe!NtReadFile + 66 805764D7 27 Bytes [7D, 18, A1, D4, FB, 55, 80, ...]
PAGE ntoskrnl.exe!NtReadFile + 82 805764F3 110 Bytes [75, 20, FF, 75, 1C, E8, B5, ...]
PAGE ntoskrnl.exe!NtReadFile + F1 80576562 4 Bytes [85, B1, 45, 03]
PAGE ...
? sppj.sys The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xF7B7F314]
.text USBPORT.SYS!DllUnload F79838AC 5 Bytes JMP 827CE1D8
.text acrfkmqt.SYS F78CC384 1 Byte [20]
.text acrfkmqt.SYS F78CC384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text acrfkmqt.SYS F78CC3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text acrfkmqt.SYS F78CC3C4 3 Bytes [00, 00, 00]
.text acrfkmqt.SYS F78CC3C9 1 Byte [00]
.text ...
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7FF2300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008C000C
.text C:\WINDOWS\system32\svchost.exe[596] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0125000A
.text C:\WINDOWS\Explorer.EXE[996] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[996] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[996] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82A121F8
Device \FileSystem\Fastfat \FatCdrom 827071F8
Device \Driver\sptd \Device\570249160 sppj.sys
Device \Driver\usbohci \Device\USBPDO-0 827CD1F8
Device \Driver\usbohci \Device\USBPDO-1 827CD1F8
Device \Driver\usbehci \Device\USBPDO-2 827CF1F8
Device \Driver\PCI_PNP4160 \Device\00000049 sppj.sys
Device \Driver\PCI_PNP4160 \Device\00000049 sppj.sys
Device \Driver\USBSTOR \Device\00000070 827011F8
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82A141F8
Device \Driver\USBSTOR \Device\00000071 827011F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82A141F8
Device \Driver\Cdrom \Device\CdRom0 827AB1F8
Device \Driver\USBSTOR \Device\00000072 827011F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 82A141F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7B54B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7B54B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7B54B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7B54B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 827AB1F8
Device \Driver\USBSTOR \Device\00000073 827011F8
Device \Driver\Cdrom \Device\CdRom2 827AB1F8
Device \Driver\USBSTOR \Device\00000074 827011F8
Device \Driver\Cdrom \Device\CdRom3 827AB1F8
Device \Driver\USBSTOR \Device\00000075 827011F8
Device \Driver\USBSTOR \Device\0000006c 827011F8
Device \Driver\usbohci \Device\USBFDO-0 827CD1F8
Device \Driver\USBSTOR \Device\0000006d 827011F8
Device \Driver\usbohci \Device\USBFDO-1 827CD1F8
Device \Driver\USBSTOR \Device\0000006e 827011F8
Device \Driver\usbehci \Device\USBFDO-2 827CF1F8
Device \Driver\Ftdisk \Device\FtControl 82A141F8
Device \Driver\acrfkmqt \Device\Scsi\acrfkmqt1 827991F8
Device \Driver\acrfkmqt \Device\Scsi\acrfkmqt1Port2Path0Target0Lun0 827991F8
Device \FileSystem\Fastfat \Fat 827071F8
Device \FileSystem\Cdfs \Cdfs 823811F8
Device \FileSystem\Cdfs \Cdfs F758CBCE
Device -> \Driver\atapi \Device\Harddisk0\DR0 82886D01

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x36 0x68 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x08 0xC3 0x06 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0xF6 0x99 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x36 0x68 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x08 0xC3 0x06 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x1B 0xB5 0x62 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB5 0x36 0x68 0xC6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x08 0xC3 0x06 0xAC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0xF6 0x99 0x37 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Doug_Tilley
Active Member
 
Posts: 12
Joined: May 30th, 2010, 4:16 pm

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Cypher » June 5th, 2010, 3:16 pm

Hi Doug.
Well done, that's what I needed to see.

Your computer is infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore once your PC is clean it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it

This can prove difficult to remove so we will try the easiest way first.
Let me know if your searches are still being redirected after this fix.



TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: only run this fix once.
  • Highlight and copy the text in the codebox below, Do not include the word Code:
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • A log file should be created on your desktop called tdsskiller.txt, please post the contents of that log in your next reply.


Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the fix.


Next.


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • ComboFix.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
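
The GMER log posted above and Cypher's explanation of how a rootkit conceals itself both come down to reading scanner output correctly: a branch target GMER cannot attribute to any loaded module, a driver whose entry point sits in its ".rsrc" section, a file the scanner flags as modified, or a file for which TDSSKiller prints two different MD5 values are each evidence of something interposing on the kernel or on disk reads. The script below is an added example for this thread, not a tool from MalwareRemoval.com, GMER or Kaspersky. It parses lines in the GMER and TDSSKiller formats shown on this page and sorts them into severity classes; the severity labels, the Finding class and the KNOWN_NOISY list are this example's own assumptions. The sample lines are copied from the logs in this thread.

```python
"""Triage helper for anti-rootkit log lines in the GMER / TDSSKiller formats.

Added example for this thread (not GMER's or TDSSKiller's own code). It reads
log lines like those posted above and sorts them into evidence classes so a
helper can see which entries need a second look and which are known noise.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# GMER hook entry: "<section> <symbol> <addr> <n> Byte(s) JMP|CALL <target> [module path]".
# GMER prints a module path after the target only when it can attribute the
# target to a loaded image; an unattributed target is code outside any known image.
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+\d+\s+Bytes?\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-F]{8})(?P<module>\s+\\\S+.*)?$"
)
# GMER: driver whose entry point lies in a resource section (code does not belong there).
ENTRY_RE = re.compile(r'^\S+\s+(?P<path>\S+)\s+entry point in "(?P<sec>[^"]+)" section')
# GMER: driver registered but no file found under that name.
MISSING_RE = re.compile(r"^\?\s+(?P<name>\S+)\s+The system cannot find the file specified")
# GMER "Files" section.
FILEMOD_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
# TDSSKiller: two different hashes reported for the same file.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})"
)

# Drivers that hook the kernel for legitimate reasons. sptd.sys is the SCSI
# pass-through driver installed with DAEMON Tools (see the sptd\Cfg registry
# entries in the log above); its hooks and its unnamed "sppj.sys" device are
# common benign noise in GMER output. Assumption of this example; extend as needed.
KNOWN_NOISY = ("sptd", "sppj")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    subject: str   # file path, driver name or hooked symbol
    reason: str


def _is_noisy(name: str) -> bool:
    base = name.rsplit("\\", 1)[-1].lower()
    return base.startswith(KNOWN_NOISY)


def classify(line: str) -> Optional[Finding]:
    """Map one log line to a Finding, or None for lines that carry no indicator."""
    line = line.rstrip()
    m = FORGED_RE.search(line)
    if m:
        return Finding("high", m["path"],
                       f"two md5 values for one file (real {m['real']}, fake {m['fake']}): "
                       "something is interposing on reads")
    m = ENTRY_RE.match(line)
    if m:
        return Finding("high", m["path"], f'entry point inside "{m["sec"]}" section')
    m = FILEMOD_RE.match(line)
    if m:
        return Finding("high", m["path"], "scanner reports the file as modified")
    m = MISSING_RE.match(line)
    if m:
        sev = "info" if _is_noisy(m["name"]) else "medium"
        return Finding(sev, m["name"], "driver registered but no file found on disk")
    m = HOOK_RE.match(line)
    if m:
        if m["module"]:
            return Finding("low", m["where"],
                           f"{m['kind']} to {m['target']} resolves into {m['module'].strip()}")
        if _is_noisy(m["where"]):
            return Finding("info", m["where"], "hook from a known benign hooking driver")
        return Finding("medium", m["where"],
                       f"{m['kind']} to {m['target']} not attributable to any loaded module")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (classify(ln) for ln in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> Dict[str, object]:
    """Count findings per severity and list files carrying high-severity evidence."""
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    implicated = set()
    for f in findings:
        counts[f.severity] += 1
        if f.severity == "high" and "\\" in f.subject:
            implicated.add(f.subject.lower())  # paths differ only in case in the logs
    return {"counts": counts, "files": sorted(implicated)}


# Sample lines copied from the GMER and TDSSKiller logs posted in this thread.
SAMPLE_LOG = r"""
PAGE ntoskrnl.exe!NtSetInformationProcess + 2C7 80570708 45 Bytes JMP 8056F6BF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtAddAtom + FA 80573CF8 69 Bytes JMP 0BFD2FFF
PAGE ntoskrnl.exe!NtOpenProcess + 5 805741D5 51 Bytes CALL 68D7907A
.text USBPORT.SYS!DllUnload F79838AC 5 Bytes JMP 827CE1D8
.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xF7B7F314]
? sppj.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\svchost.exe[596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008D000A
File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification
15:29:28:640 4432 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: e6bde2f6209a61e326484f1f75f1d8e9, Fake md5: 6ac26732762483366c3969c9e4d2259d
""".strip().splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.subject}: {f.reason}")
    print(summarize(found))
```

Run against the sample, the three high-severity findings all name ftdisk.sys, which is the file TDSSKiller later reports as infected; the unattributed kernel hooks are left at medium because disk-emulation software such as sptd produces similar entries, so they corroborate file-level evidence rather than prove an infection on their own.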

Re: Google redirects, Firefox Crashing, Google Chrome issues

Unread postby Doug_Tilley » June 5th, 2010, 8:04 pm

Currently, I'm now able to open Google Chrome, and I haven't yet run into any random ad popups in Firefox since these changes were made.

15:28:54:750 4432 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
15:28:54:750 4432 ================================================================================
15:28:54:750 4432 SystemInfo:

15:28:54:750 4432 OS Version: 5.1.2600 ServicePack: 3.0
15:28:54:750 4432 Product type: Workstation
15:28:54:750 4432 ComputerName: YOUR-AT5QGAAC3Z
15:28:54:750 4432 UserName: Owner
15:28:54:750 4432 Windows directory: C:\WINDOWS
15:28:54:750 4432 Processor architecture: Intel x86
15:28:54:750 4432 Number of processors: 1
15:28:54:750 4432 Page size: 0x1000
15:28:54:750 4432 Boot type: Normal boot
15:28:54:750 4432 ================================================================================
15:28:57:234 4432 Initialize success
15:28:57:234 4432
15:28:57:234 4432 Scanning Services ...
15:28:58:078 4432 Raw services enum returned 381 services
15:28:58:078 4432
15:28:58:078 4432 Scanning Drivers ...
15:29:02:390 4432 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
15:29:03:718 4432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:29:03:921 4432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:29:04:750 4432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:29:04:937 4432 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
15:29:05:656 4432 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
15:29:06:500 4432 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
15:29:07:750 4432 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:29:08:312 4432 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:29:08:750 4432 AnyDVD (2dc0453092230c19a913702360ba717f) C:\WINDOWS\system32\Drivers\AnyDVD.sys
15:29:09:453 4432 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:29:11:328 4432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:29:12:156 4432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:29:13:093 4432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:29:14:312 4432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:29:15:015 4432 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
15:29:15:968 4432 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys
15:29:16:359 4432 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
15:29:16:468 4432 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\system32\Drivers\avgtdix.sys
15:29:16:656 4432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:29:16:859 4432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:29:17:703 4432 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:29:18:375 4432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:29:18:718 4432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:29:18:828 4432 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
15:29:19:609 4432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:29:21:453 4432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:29:21:562 4432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:29:22:312 4432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:29:22:953 4432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:29:23:593 4432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:29:24:609 4432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:29:24:921 4432 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
15:29:25:671 4432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:29:25:687 4432 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:29:25:765 4432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:29:26:500 4432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:29:27:218 4432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:29:27:859 4432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:29:28:015 4432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:29:28:625 4432 Ftdisk (e6bde2f6209a61e326484f1f75f1d8e9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:29:28:640 4432 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: e6bde2f6209a61e326484f1f75f1d8e9, Fake md5: 6ac26732762483366c3969c9e4d2259d
15:29:28:640 4432 File "C:\WINDOWS\system32\DRIVERS\ftdisk.sys" infected by TDSS rootkit ... 15:29:45:140 4432 Backup copy found, using it..
15:29:45:718 4432 will be cured on next reboot
15:29:46:484 4432 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:29:47:953 4432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:29:48:703 4432 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:29:48:859 4432 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:29:49:468 4432 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:29:50:765 4432 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:29:52:531 4432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:29:53:046 4432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:29:53:796 4432 ialm (537efe2f9adcd01073f59e9d3d24164e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:29:54:890 4432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:29:56:031 4432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
15:29:56:656 4432 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:29:57:890 4432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:29:59:078 4432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:30:00:125 4432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:30:01:171 4432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:30:02:281 4432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:30:03:125 4432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:30:03:687 4432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:30:04:343 4432 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
15:30:04:406 4432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:30:04:484 4432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:30:04:828 4432 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
15:30:06:015 4432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:30:06:812 4432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:30:07:750 4432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:30:08:640 4432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:30:09:171 4432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:30:09:921 4432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:30:10:171 4432 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:30:10:281 4432 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
15:30:10:484 4432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:30:10:515 4432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:30:10:734 4432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:30:11:312 4432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:30:11:562 4432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:30:12:296 4432 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:30:13:156 4432 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:30:13:390 4432 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:30:14:109 4432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:30:14:296 4432 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:30:14:468 4432 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:30:15:250 4432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:30:15:609 4432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:30:16:515 4432 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:30:17:562 4432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:30:17:750 4432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:30:18:468 4432 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:30:19:171 4432 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
15:30:20:015 4432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:30:20:531 4432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:30:21:015 4432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:30:22:140 4432 nv (694de491fbf0573625ffe6a8a474b7b5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:30:23:046 4432 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys
15:30:23:734 4432 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
15:30:23:828 4432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:30:24:640 4432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:30:25:125 4432 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:30:25:359 4432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:30:25:671 4432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:30:25:765 4432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:30:25:890 4432 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
15:30:26:000 4432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:30:26:125 4432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:30:26:218 4432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:30:27:015 4432 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
15:30:28:343 4432 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
15:30:29:203 4432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:30:29:468 4432 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:30:29:812 4432 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
15:30:30:562 4432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:30:31:468 4432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:30:32:000 4432 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
15:30:32:203 4432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:30:32:968 4432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:30:34:000 4432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:30:34:343 4432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:30:34:625 4432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:30:34:750 4432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:30:35:468 4432 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:30:36:406 4432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:30:36:687 4432 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
15:30:37:203 4432 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:30:38:218 4432 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:30:39:078 4432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:30:39:734 4432 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:30:40:812 4432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:30:41:375 4432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:30:42:187 4432 SIS163u (d937333f5a42ed8fc550a70ad06642e3) C:\WINDOWS\system32\DRIVERS\sis163u.sys
15:30:43:046 4432 SiS315 (7a363269d1b57526410fa23fc92cdfa1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
15:30:43:671 4432 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
15:30:43:734 4432 SiSkp (7ef8e5c266133638e7e06be03fcbeff3) C:\WINDOWS\system32\DRIVERS\srvkp.sys
15:30:44:437 4432 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:30:45:437 4432 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:30:47:140 4432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:30:47:453 4432 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
15:30:47:453 4432 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
15:30:47:484 4432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:30:47:765 4432 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
15:30:47:875 4432 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:30:49:000 4432 SunkFilt (f658d6420b14bedb49c19e39e7d03594) C:\WINDOWS\System32\Drivers\sunkfilt.sys
15:30:49:765 4432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:30:49:984 4432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:30:50:218 4432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:30:50:328 4432 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
15:30:51:250 4432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:30:52:156 4432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:30:52:468 4432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:30:53:156 4432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:30:53:906 4432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:30:54:031 4432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:30:54:328 4432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:30:55:250 4432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:30:55:921 4432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:30:56:765 4432 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:30:57:953 4432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:30:58:390 4432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:30:58:781 4432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:30:59:875 4432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:31:00:734 4432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:31:01:437 4432 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
15:31:01:500 4432 viagfx (29d6a65fdc694cb1ef2cc6bbe5f79b3b) C:\WINDOWS\system32\DRIVERS\vtmini.sys
15:31:02:406 4432 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
15:31:03:359 4432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:31:03:921 4432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:31:05:140 4432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:31:05:375 4432 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:31:05:656 4432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:31:06:625 4432 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:31:07:515 4432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:31:07:703 4432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:31:07:984 4432 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys
15:31:08:812 4432 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys
15:31:09:031 4432 Reboot required for cure complete..
15:31:09:703 4432 Cure on reboot scheduled successfully
15:31:09:703 4432
15:31:09:703 4432 Completed
15:31:09:703 4432
15:31:09:703 4432 Results:
15:31:09:703 4432 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:31:09:703 4432 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:31:09:703 4432
15:31:09:703 4432 KLMD(ARK) unloaded successfully

ComboFix 10-06-03.01 - Owner 06/05/2010 16:21:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.312 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\cbss.dll~
c:\documents and settings\All Users\Documents\Settings\cbss.dll~
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Owner\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\windows\system32\1904516236.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hlp.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ws2_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-05 19:46 . 2010-06-05 19:46 -------- d-----w- C:\_OTM
2010-06-05 19:43 . 2010-06-05 19:43 -------- d-----w- c:\program files\ERUNT
2010-06-04 16:36 . 2010-06-04 16:37 -------- d-----w- C:\rsit
2010-05-30 22:01 . 2010-05-30 22:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-05-30 22:01 . 2010-05-30 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-30 22:01 . 2010-05-30 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-28 18:02 . 2010-05-28 18:01 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-28 16:57 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-28 16:56 . 2010-05-28 16:56 -------- d-----w- c:\program files\Panda Security
2010-05-28 16:26 . 2010-06-04 16:36 -------- d-----w- c:\program files\Trend Micro
2010-05-23 19:36 . 2010-05-23 19:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Songbird2
2010-05-23 19:36 . 2010-05-23 19:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Songbird2
2010-05-23 19:29 . 2010-06-05 16:14 -------- d-----w- c:\program files\Songbird
2010-05-18 20:22 . 2010-05-18 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Freeze Tag
2010-05-17 04:20 . 2010-05-17 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-05-16 23:06 . 2010-05-16 23:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Namco
2010-05-16 23:04 . 2010-05-20 03:32 -------- d-----w- c:\program files\Journalist Journey The Eye of Odin
2010-05-15 17:22 . 2010-05-15 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-13 17:48 . 2010-05-13 17:48 -------- d-----w- c:\documents and settings\Owner\Application Data\VendelGAMES
2010-05-12 18:52 . 2010-05-12 18:52 -------- d-----w- c:\documents and settings\Owner\Application Data\HorizonWimba
2010-05-11 19:15 . 2010-05-11 20:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\vrgchobrk
2010-05-10 23:11 . 2010-05-10 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-05-10 23:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 23:11 . 2010-05-10 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-10 23:11 . 2010-05-10 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 23:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 21:04 . 2010-05-10 22:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\cmtkrdabc
2010-05-07 18:42 . 2010-05-07 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Lazy Turtle Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 20:08 . 2008-04-10 21:19 0 --sh--w- c:\windows\S62356CEC.tmp
2010-06-05 19:35 . 2005-07-22 02:04 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-06-05 15:43 . 2008-06-20 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-04 03:13 . 2005-07-22 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-06-02 16:37 . 2009-05-23 03:03 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 16:37 . 2009-05-23 03:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:34 . 2009-06-30 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2010-06-01 23:28 . 2005-07-28 04:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-01 23:28 . 2005-07-28 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-01 23:26 . 2004-01-21 01:53 -------- d-----w- c:\program files\Java
2010-06-01 23:15 . 2005-07-28 04:05 -------- d-----w- c:\program files\Lavasoft
2010-06-01 23:15 . 2008-04-12 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-01 15:48 . 2005-09-30 04:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-06-01 01:54 . 2005-07-22 00:26 165824 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 22:43 . 2009-02-08 21:07 -------- d-----w- c:\program files\Final Draft 7
2010-05-31 22:32 . 2005-07-27 08:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-31 22:31 . 2009-02-08 21:07 -------- d-----w- c:\program files\Final Draft Tagger
2010-05-16 23:05 . 2010-04-16 19:57 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2010-05-16 23:05 . 2009-07-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-05-16 05:29 . 2008-04-10 21:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-15 17:24 . 2006-05-24 01:57 -------- d-----w- c:\program files\iTunes
2010-05-15 17:22 . 2008-02-23 19:46 -------- d-----w- c:\program files\iPod
2010-05-15 17:22 . 2007-07-11 04:05 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 17:08 . 2005-11-04 06:52 -------- d-----w- c:\program files\QuickTime
2010-05-15 17:05 . 2006-10-03 01:42 -------- d-----w- c:\program files\Apple Software Update
2010-05-15 16:58 . 2008-04-12 07:38 -------- d-----w- c:\program files\Bonjour
2010-05-14 03:06 . 2005-08-25 00:18 -------- d-----w- c:\program files\Google
2010-05-11 19:28 . 2009-11-21 04:11 -------- d-----w- c:\program files\Season of Mystery - The Cherry Blossom Murders
2010-05-11 19:26 . 2009-07-08 00:48 -------- d-----w- c:\program files\Games
2010-05-10 16:45 . 2007-04-27 00:30 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-05-10 01:01 . 2009-09-01 03:59 -------- d-----r- c:\program files\Skype
2010-05-06 00:24 . 2009-05-23 03:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-06 00:24 . 2009-05-23 03:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-06 00:22 . 2010-05-06 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-06 00:22 . 2008-05-28 21:38 -------- d-----w- c:\program files\AVG
2010-05-01 17:56 . 2010-05-01 17:56 -------- d-----w- c:\documents and settings\Administrator.YOUR-AT5QGAAC3Z\Application Data\Lavasoft
2010-05-01 17:54 . 2010-05-01 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Deadtime Stories
2010-04-21 14:50 . 2010-04-21 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\ERS G-Studio
2010-04-18 06:27 . 2008-08-05 12:50 116920 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-11 20:55 . 2010-04-11 19:36 -------- d-----w- c:\program files\BackStreet Browser 3.1
2010-04-11 03:09 . 2008-07-28 22:08 11114 ----a-w- c:\documents and settings\All Users\Application Data\MainApp.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-11 12:38 . 2005-07-22 01:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-12 07:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-07-22 02:03 17408 ------w- c:\windows\system32\corpol.dll
2006-07-06 22:20 . 2006-07-06 22:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-01-23 18:07 . 2007-08-09 22:26 1847296 ----a-w- c:\program files\mozilla firefox\plugins\Seadragon.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-05-13 21:12 . 2005-05-13 21:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 01:27 . 2005-10-14 01:27 422400 --sha-r- c:\windows\x2.64.exe
2005-08-01 23:09 . 2005-08-01 20:09 0 --sha-w- c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 . 2009-09-15 17:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-15 17:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-15 17:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 74202EB1BD67E8BE9509E38C8D2234B0 . 561152 . . [5.1.2600.1634] . . c:\windows\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp1qfe\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\documents and settings\Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-12-06 3022848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-16 149280]

c:\documents and settings\Administrator.YOUR-AT5QGAAC3Z\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-06 00:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"RecordNow!"=
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe"
"BackupNotify"=c:\program files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/28/2010 12:57 PM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2008 3:47 AM 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2009 11:03 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2009 11:03 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/5/2010 8:23 PM 308064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/30/2009 1:30 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 4:40 PM 135664]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [9/5/2006 3:16 AM 217600]
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 11:51]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6348b368ccc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 20:40]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3659986384-410713596-3707131593-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-28 00:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv9vfib1.default\
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... 706&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv9vfib1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv9vfib1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 16:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys span.sys >>UNKNOWN [0x829C7938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7d3ef28
\Driver\ACPI -> ACPI.sys @ 0xf7b99cb8
\Driver\atapi -> atapi.sys @ 0xf7b54b40
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7a27bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7a34a21
SendHandler -> NDIS.sys @ 0xf7a1287b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3659986384-410713596-3707131593-1003\Software\MainConcept (iuLab)*%*s* *M*P*E*G* *S*p*l*i*t*t*e*r*\DirectShow\MPEGSplitter]
"FastSeeking"=dword:00000000
"IndexModeOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(860)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\LTMSG.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-06-05 16:52:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-05 20:52

Pre-Run: 32,879,980,544 bytes free
Post-Run: 32,725,520,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 9D1D8087C796770A63666D7325760725
Doug_Tilley
Active Member
 
Posts: 12
Joined: May 30th, 2010, 4:16 pm