0x80072efe error with Microsoft Update

Discussion in 'Virus & Other Malware Removal' started by bingbong123, Feb 18, 2013.

Thread Status:
Not open for further replies.
  1. bingbong123

    bingbong123 Thread Starter

    I have been trying to update my parents' computer for quite a while, but this is the first weekend where I've actually spent significant time attempting to do so. I cannot get through to the Microsoft Update site to download any of the security updates, as evidenced by the fact that they are STILL RUNNING SERVICE PACK 2! It is an XP Home Edition machine. Here is the techguy sysinfo:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz, x86 Family 15 Model 2 Stepping 4
    Processor Count: 1
    RAM: 1022 Mb
    Graphics Card: NVIDIA GeForce4 MX 420, 64 Mb
    Hard Drives: C: Total - 38138 MB, Free - 22048 MB;
    Motherboard: Intel Corporation, D845EPT2
    Antivirus: Norton AntiVirus, Updated: No, On-Demand Scanner: Disabled

    I'm not sure why it says Norton AntiVirus, as the machine is running Avast and I could have sworn I disabled and uninstalled Norton.

    Anyway, I have been exploring the different reasons for a 0x80072efe error. I checked the system date and time. Those are fine. I went to Windows Firewall. Didn't help. I disabled the anti-virus software. Didn't help (though, as I mentioned above, if Norton is running somewhere, maybe that has something to do with it). I disabled Automatic Updates and tried to go to download.microsoft. That was a waste of time. I even found ComboFix recommended in another thread and downloaded that. It made my screen go blank, which required a reboot. That really leaves me thinking it's the one thing I didn't want it to be - malware/virus. Unfortunately, my flight home is in about 6 hours, so it doesn't leave me a lot of time to work, so I'm hoping for your help. Here are the log files:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:43:13 PM, on 2/17/2013
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe

    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361160849828
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ZOHREH~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    --
    End of file - 5377 bytes


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.2180
    Run by Zohreh Majd at 23:44:07 on 2013-02-17
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.267 [GMT -5:00]
    .
    AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton AntiVirus *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com
    mSearchAssistant = hxxp://www.google.com
    BHO: AutorunsDisabled - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [UpdReg] c:\windows\Updreg.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361137044921
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361160849828
    TCP: NameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{BF8BE9F2-CE68-4877-ACC8-1A43B4D8FA52} : DHCPNameServer = 192.168.1.1 71.252.0.12
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: WRNotifier - WRLogonNTF.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\zohreh majd\application data\mozilla\firefox\profiles\vqvwyyjt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-28 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-11-27 353688]
    R1 hugoio;hugoio;c:\program files\i-menu\hugoio.sys [2012-7-28 9760]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-27 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-20 44808]
    S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-28 108648]
    S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-28 108648]
    S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2013-02-16 15:49:26 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-16 15:49:26 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2008-11-08 15:04:51 11967 ----a-w- c:\program files\common files\udum.bin
    2008-11-08 15:02:00 10083 ----a-w- c:\program files\common files\ocekepumy.exe
    2008-11-08 15:01:59 16358 ----a-w- c:\program files\common files\jojyjyli.bat
    .
    ============= FINISH: 23:44:47.07 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/19/2005 8:22:54 AM
    System Uptime: 2/17/2013 4:34:57 PM (7 hours ago)
    .
    Motherboard: Intel Corporation | | D845EPT2
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | X1 | 1795/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 21.207 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2154: 2/2/2013 7:54:52 PM - System Checkpoint
    RP2155: 2/3/2013 9:29:38 PM - System Checkpoint
    RP2156: 2/5/2013 7:58:10 AM - System Checkpoint
    RP2157: 2/6/2013 8:46:43 AM - System Checkpoint
    RP2158: 2/7/2013 9:21:39 AM - System Checkpoint
    RP2159: 2/8/2013 1:48:10 PM - System Checkpoint
    RP2160: 2/9/2013 2:09:00 PM - System Checkpoint
    RP2161: 2/10/2013 3:50:13 PM - System Checkpoint
    RP2162: 2/11/2013 4:03:17 PM - System Checkpoint
    RP2163: 2/12/2013 4:57:29 PM - System Checkpoint
    RP2164: 2/13/2013 5:21:33 PM - System Checkpoint
    RP2165: 2/14/2013 5:50:51 PM - System Checkpoint
    RP2166: 2/15/2013 6:21:06 PM - System Checkpoint
    RP2167: 2/16/2013 6:26:14 PM - System Checkpoint
    RP2168: 2/17/2013 6:39:32 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.3
    AIO_Scan
    AppCore
    ArcSoft MediaImpression 2
    AusLogics Disk Defrag
    AV
    avast! Free Antivirus
    BCM V.92 56K Modem
    BufferChm
    C7200
    C7200_doccd
    c7200_Help
    ccCommon
    Copy
    CustomerResearchQFolder
    Dell ResourceCD
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    Fax
    Google Chrome
    Google Update Helper
    Hotfix for Windows XP (KB943232)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    i-Menu 2.2
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft Office XP Small Business
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MUSICMATCH Jukebox
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Confidential
    Norton Confidential MS redistributables
    Norton Personal Privacy
    Norton Protection Center
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    PanoStandAlone
    PowerDVD
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    QuickTime
    Revo Uninstaller 1.93
    Scan
    Screen+ 1.0
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB901214)
    Skype 3.0
    Skype Plugin Manager
    SolutionCenter
    Sound Blaster Live! Value
    Spybot - Search & Destroy
    Status
    Symantec
    SymNet
    Toolbox
    TrayApp
    UnloadSupport
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    VC 9.0 Runtime
    Verizon Online
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    ZoneAlarm Spy Blocker
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/12/2013 6:47:08 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    2/12/2013 6:46:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    .
    ==== End Of File ===========================


    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-18 09:40:10
    Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75DEA0 rev.05.03E05 37.25GB
    Running: p9emx7ko.exe; Driver: C:\DOCUME~1\ZOHREH~1\LOCALS~1\Temp\axwcikog.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF5973536]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5A1C7BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF5973F52]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF59B3C31]
    SSDT 86D581E8 ZwConnectPort
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF597ED7A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF597EDC6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF597EF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF59B35E5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF597ECE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF597EE0A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF597ED30]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF5974146]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF597EF02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF59748CA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF5973584]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF59B42F7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF59B45AD]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF5977F36]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF59B4162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF59B3FCD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF5A1C89E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF59731EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF59735D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF59782A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF5975292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF597EDA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF597EDE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF597EF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF59B3941]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF597ED0E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF5977AAC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF597EE8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF597ED58]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF5977CDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF597EF26]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5A1CA1E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF59B3E48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF597515E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF59B3C9A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF5974D08]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF5A28338]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF59B2C58]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF5973620]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF597366E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF597474A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF5973276]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF5973426]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF59B43FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF59733CC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF5974A2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF5974B88]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF5973496]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF5974468]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF59745CA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF59736BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF5973F96]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF5A34744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.1 ----

    .text ntoskrnl.exe!_abnormal_termination + C8 804E2724 4 Bytes [E8, 81, D5, 86]
    .text ntoskrnl.exe!_abnormal_termination + F8 804E2754 4 Bytes CALL DA43BF45
    .text ntoskrnl.exe!_abnormal_termination + 1D1 804E282D 3 Bytes [31, 97, F5]
    .text ntoskrnl.exe!_abnormal_termination + 398 804E29F4 12 Bytes [20, 36, 97, F5, 6E, 36, 97, ...] {AND [ESI], DH; XCHG EDI, EAX; CMC ; OUTS DX, BYTE [ESI]; XCHG EDI, EAX; CMC ; DEC EDX; INC EDI; XCHG EDI, EAX; CMC }
    .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [2C, 4A, 97, F5, 88, 4B, 97, ...] {SUB AL, 0x4a; XCHG EDI, EAX; CMC ; MOV [EBX-0x69], CL; CMC ; XCHG ESI, EAX; XOR AL, 0x97; CMC }
    PAGE ntoskrnl.exe!ObInsertObject 805641A3 5 Bytes JMP F5A330FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569D33 4 Bytes CALL F5975943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058041A 7 Bytes JMP F5A34748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059D924 5 Bytes JMP F5A3161C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF719E340, 0x121A5F, 0xF8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF80BB11 5 Bytes JMP F59798C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + E5B BF80C2F8 5 Bytes JMP F59797B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF810239 5 Bytes JMP F597976A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 3228 BF81E155 5 Bytes JMP F59783FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 506D BF823F38 5 Bytes JMP F5978E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPaint + 4EF BF82CB8B 5 Bytes JMP F5978538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + 6077 BF835D15 5 Bytes JMP F5979A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 37B3 BF83DAE6 5 Bytes JMP F5979C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + ED04 BF849037 5 Bytes JMP F59797FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMultiByteToWideChar + 44AF BF851373 5 Bytes JMP F5979B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + DB4 BF858BB3 5 Bytes JMP F59785A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 2D97 BF85AB96 5 Bytes JMP F5979670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 63E4 BF85E1E3 5 Bytes JMP F5978992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 646F BF85E26E 5 Bytes JMP F5978C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3637 BF879040 5 Bytes JMP F5978A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 415A BF879B63 5 Bytes JMP F5978C12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF896DAD 5 Bytes JMP F5978EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 1899 BF899503 5 Bytes JMP F59783E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 23AD BF89DBF1 5 Bytes JMP F5979972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 8D7E BF8B97A5 5 Bytes JMP F5978E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + D861 BF8BE288 5 Bytes JMP F5978EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 4C65 BF8C3DC7 5 Bytes JMP F59786B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 15C6 BF8E92E9 5 Bytes JMP F5978790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 1846 BF8E9569 5 Bytes JMP F59788BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 445D BF8EC180 5 Bytes JMP F59782DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + CE64 BF8F4B87 5 Bytes JMP F5978E34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1994 BF911BC0 5 Bytes JMP F59784D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2568 BF912794 5 Bytes JMP F5978664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4EC2 BF9150EE 5 Bytes JMP F5978D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 191E BF942A95 5 Bytes JMP F5979AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D3380, 0x25BA81, 0xF8000020]
    ? C:\DOCUME~1\ZOHREH~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\System32\svchost.exe[164] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[164] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[216] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[356] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\MsPMSPSv.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\MsPMSPSv.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[540] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[608] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1316] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\BCMSMMSG.exe[1392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\BCMSMMSG.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1508] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1824] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\CTsvcCDA.EXE[1836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\CTsvcCDA.EXE[1836] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2140] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00370A08
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00370804
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00370600
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003701F8
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003703FC
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\HijackThis.exe[2672] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wscntfy.exe[3612] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[3612] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wscntfy.exe[3612] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wscntfy.exe[3612] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wscntfy.exe[3612] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wscntfy.exe[3612] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002D1014
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\wscntfy.exe[3612] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002D0600
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003C1014
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003C0804
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003C0A08
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003C0C0C
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003C0E10
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003C01F8
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003C03FC
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003C0600
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8
    .text C:\Documents and Settings\Zohreh Majd\My Documents\Downloads\p9emx7ko.exe[3936] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC

    ---- Devices - GMER 2.1 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Threads - GMER 2.1 ----

    Thread System [4:2744] F077D150

    ---- EOF - GMER 2.1 ----


    Please don't make me run GMER again. That took forever!
     
Short URL to this thread: https://techguy.org/1090027

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice