internet slowed down and comp freezing up...


ilaila

Thread Starter
Joined
Oct 29, 2012
Messages
7
Hi there, I just lost the post that I wrote so hopefully there's no repeats. Doesn't look like it so far.

I'm on a lousy laptop but it runs fast enough for me usually - pretty fast. I use Firefox. Just a couple of weeks ago it suddenly started not loading the page for ages, so it stays on the original screen for ages. A few times it freezes up too. I'm trying to make sure it's not malware/viruses - and will also be trying to check that no one else is stealing the internet from a different flat.

Here's the info
hijack
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:28, on 11/01/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\RunOnce: [SymInstallStub] C:\Documents and Settings\All Users\Application Data\DivX\Symantec\SymInstallStub.exe /partnerid=divx /productlist=nss /staging=false /delay=5 /lang=English /desktopshortcut=1 /startmenushortcut=1 /tasktries=1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: completed.lnk = H:\desktop\completed.txt
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 7429 bytes


dds
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Owner at 19:19:30 on 2013-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.289 [GMT 0:00]
.
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [WTClient] WTClient.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunOnce: [SymInstallStub] c:\documents and settings\all users\application data\divx\symantec\SymInstallStub.exe /partnerid=divx /productlist=nss /staging=false /delay=5 /lang=English /desktopshortcut=1 /startmenushortcut=1 /tasktries=1
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\comple~1.lnk - h:\desktop\completed.txt
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: MaxRecentDocs = dword:18
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3174C620-E8B5-421C-931F-E8631E8A4551} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\psoexwhp.default\
FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\psoexwhp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\psoexwhp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: !HIDDEN! 2010-08-07 22:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2009-4-20 308248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-12 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-7 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-7 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 44808]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-11-6 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-2-4 9216]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-24 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-24 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-24 136808]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-11-6 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-05 17:17:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer
2013-01-02 22:50:12 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2013-01-02 22:45:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-02 22:45:38 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-13 00:26:34 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
2012-12-13 00:26:25 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
.
==================== Find3M ====================
.
2013-01-09 20:59:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 20:59:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-02 22:45:09 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:31:02 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:20:36 1875456 ------w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-26 08:11:10 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-10-26 08:11:06 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 19:20:12.98 ===============


attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 07/08/2010 19:29:03
System Uptime: 11/01/2013 18:34:39 (1 hours ago)
.
Motherboard: Acer | | Acadia
Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz | uPGA-478 | 1995/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 32 GiB total, 4.521 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 12.891 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250136&REV_1000\4&2E584385&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250136&REV_1000\4&2E584385&0&0102
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Acer Empowering Technology
Adobe After Effects CS4 Third Party Content
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.5.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alt-Tab Task Switcher Powertoy for Windows XP
Amazing Slow Downer (remove only)
Any Video Converter 3.1.7
Apple Application Support
Apple Software Update
avast! Free Antivirus
CCleaner
Connect
DivX Setup
Dorgem 2.1.0
FormatFactory 3.0.1
Google Chrome
Google Update Helper
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iSpy
Java 7 Update 10
Java Auto Updater
KORG USB-MIDI Driver Tools for Windows
kuler
MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Application Compatibility Database
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI Star Cam 370i
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Open Command Prompt Shell Extension (x86-32)
OpenOffice.org 3.3
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
QuickTime
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.10
Spybot - Search & Destroy
Suite Shared Configuration CS4
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 9.0
VLC media player 2.0.4
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
Xvid Video Codec
ZTE_1.2059.0.8
.
==== Event Viewer Messages From Past Week ========
.
04/01/2013 14:50:29, error: Service Control Manager [7000] - The StarOpen service failed to start due to the following error: The system cannot find the file specified.
04/01/2013 04:59:12, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
.
==== End Of File ===========================


and ark

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-11 19:31:20
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB2O 74.53GB
Running: 0olcmtg3.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgryypog.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA97314BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA97DEC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA9731ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9773811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA973CFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA973CFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA973D176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA97731C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA973CF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA973D038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA973CF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA973211C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA973D130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA973293E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9731508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9773ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA977418D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA97361C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9773D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9773BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA97DECEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9731170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9731556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9736534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA97333A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA973CFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA973D016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA973D19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9773521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA973CF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9735C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA973D0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA973CF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9735F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA973D154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA97DEE4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9773A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9733272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA977387A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA9732DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA97EB7D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9772838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA97315A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA97315F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA97327BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA97311FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA97313AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9773FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9731350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA9732AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA9732C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA973141A]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA98CD640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA9732636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA97DD41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9731640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA9731F1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA97F7E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntoskrnl.exe!_abnormal_termination + 198 804E2804 4 Bytes [EA, EC, 7D, A9]
.text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [A4, 15, 73, A9, F2, 15, 73, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [F8, 2A, 73, A9, 54, 2C, 73, ...] {CLC ; SUB DH, [EBX-0x57]; PUSH ESP; SUB AL, 0x73; TEST EAX, 0xa973141a}
PAGE ntoskrnl.exe!ObInsertObject 8056513A 5 Bytes JMP A97F6810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL A9733A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058304C 7 Bytes JMP A97F7E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EA42 5 Bytes JMP A97F4CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A9737B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP A9737A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A97379F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E59B 5 Bytes JMP A9736688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 197D BF820CA8 5 Bytes JMP A97370A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 11A6 BF82D4A6 5 Bytes JMP A97367C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + C09 BF82E624 5 Bytes JMP A9737CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 654A BF83D89B 5 Bytes JMP A9737EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + BEF8 BF843249 5 Bytes JMP A97378FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + DB5F BF844EB0 5 Bytes JMP A9736834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + B0E8 BF864F60 5 Bytes JMP A9737090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 350F BF8700AD 5 Bytes JMP A973716A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 5807 BF8723A5 5 Bytes JMP A9736C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 5892 BF872430 5 Bytes JMP A9736EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 6468 BF873006 5 Bytes JMP A9736670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B846 BF8783E4 5 Bytes JMP A9737A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 67E7 BF87F607 5 Bytes JMP A9737BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF898924 5 Bytes JMP A9736CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF899461 5 Bytes JMP A9736E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8B6552 5 Bytes JMP A9737182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 2862 BF8B9C70 5 Bytes JMP A9737E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 1A3D BF8C1C1C 5 Bytes JMP A9736944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA0AD 5 Bytes JMP A9736A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA32D 5 Bytes JMP A9736B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBCE7 5 Bytes JMP A973656A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB45 BF8F4CEE 5 Bytes JMP A97370C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914536 5 Bytes JMP A9736760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF91510A 5 Bytes JMP A97368F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF917A83 5 Bytes JMP A9736FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 192A BF947D12 5 Bytes JMP A9737D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\WINDOWS\System32\smss.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\WTClient.exe[692] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\WTClient.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\WTClient.exe[692] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\WTClient.exe[692] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\tsnpstd3.exe[720] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
.text C:\WINDOWS\tsnpstd3.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\tsnpstd3.exe[720] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
.text C:\WINDOWS\tsnpstd3.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[828] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1304] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02F80804
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 02F80A08
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 02F80600
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 02F801F8
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 02F803FC
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008C1014
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008C0804
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 008C0A08
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 008C0C0C
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 008C0E10
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008C01F8
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008C03FC
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008C0600
.text C:\WINDOWS\vsnpstd3.exe[1424] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003701F8
.text C:\WINDOWS\vsnpstd3.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\vsnpstd3.exe[1424] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003703FC
.text C:\WINDOWS\vsnpstd3.exe[1424] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1476] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B41014
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B40804
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B40A08
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B40C0C
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B40E10
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B401F8
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B403FC
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B40600
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1596] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1596] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wuauclt.exe[1596] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00911014
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00910804
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00910A08
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00910C0C
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00910E10
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009101F8
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009103FC
.text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00910600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7C8449B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\dldtcoms.exe[1856] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00F61014
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00F60804
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00F60A08
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00F60C0C
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00F60E10
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00F601F8
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F603FC
.text C:\WINDOWS\system32\dldtcoms.exe[1856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00F60600
.text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1968] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A71014
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A70804
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A70A08
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A70C0C
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A70E10
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A701F8
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A703FC
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A70600
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A71014
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A70804
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A70A08
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A70C0C
.text C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A70E10


So I hope that's OK for now. I use Avast, SUPERAntiSpyware and Spybot S&D resident, I use a tablet which has a couple of funny entries in HijackThis, and I use a program called iSpy (just thought that might come up and look dodgy); it's a webcam program for recording motion on webcams. Can't think of anything else useful. It's an Acer Aspire 5315 laptop. I use Firefox.
I'm happy to repay you for your time by doing you Photoshop/Illustrator favours, as I'm quite good at that stuff. X Thank you so much for your time, Isla.
 

ilaila

Thread Starter
Joined
Oct 29, 2012
Messages
7
Hello, just putting another note in as recommended by the "read this first" pages -
my problem still remains. Thank you for any help,
Isla
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,253
Please be careful of your language even if the word is starred out by the filters (or yourself) as this is a family friendly site.

Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
 