Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop slowes down locks up.

Started by gamestationoh , Apr 18 2012 03:47 PM

  • Please log in to reply
9 replies to this topic

#1 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 18 April 2012 - 03:47 PM

Hello

I have a laptop that gets slow and locks up. I have removed multiple viruses and spyware over the last month. Keeps coming back.

Toshiba Satellite A135
Vista Premium Service Pack 2
CPU T2080 1.73ghz
1.5 GB memory
32 bit op system

Using:
Malwarbytes Free
Avast Free

This was the last virus found:

Win32:MalOb-JL (Cryp)

Edited by gamestationoh, 18 April 2012 - 03:47 PM.

 

  • BC Ads
  • BleepingComputer.com

#2 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • PipPipPipPipPipPip
  • 27,236 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 April 2012 - 03:54 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif



#3 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 18 April 2012 - 08:03 PM

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
TuneUp Utilities Language Pack (en-US)
CCleaner
Java™ 6 Update 31
Java™ SE Runtime Environment 6
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````




Farbar Service Scanner Version: 16-04-2012
Ran by madge (administrator) on 18-04-2012 at 21:02:22
Running from "C:\Users\madge\Downloads\New Software"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#4 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 18 April 2012 - 08:10 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by madge (administrator) on 18-04-2012 at 21:06:44
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 127.0.0.1:4001

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.gopher", ""
"network.proxy.backup.gopher_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "127.0.0.1"
"network.proxy.ftp_port", 4001
"network.proxy.gopher", "127.0.0.1"
"network.proxy.gopher_port", 4001
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 4001
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "127.0.0.1"
"network.proxy.socks_port", 4001
"network.proxy.ssl", "127.0.0.1"
"network.proxy.ssl_port", 4001
"network.proxy.type", 4
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 www.1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com

There are 8107 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros AR5006EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : madge-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-1B-9E-17-3A-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 18, 2012 8:44:31 PM
Lease Expires . . . . . . . . . . : Thursday, April 19, 2012 8:44:31 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-16-D4-FD-2A-DE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: unknown00224865C4E2
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.136
74.125.225.137
74.125.225.142
74.125.225.128
74.125.225.129
74.125.225.130
74.125.225.131
74.125.225.132
74.125.225.133
74.125.225.134
74.125.225.135



Pinging google.com [74.125.225.9] with 32 bytes of data:

Reply from 74.125.225.9: bytes=32 time=37ms TTL=52

Reply from 74.125.225.9: bytes=32 time=35ms TTL=52



Ping statistics for 74.125.225.9:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 37ms, Average = 36ms

Server: unknown00224865C4E2
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=141ms TTL=42

Reply from 98.139.183.24: bytes=32 time=72ms TTL=42



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 72ms, Maximum = 141ms, Average = 106ms

Server: unknown00224865C4E2
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1b 9e 17 3a 3d ...... Atheros AR5006EG Wireless Network Adapter
8 ...00 16 d4 fd 2a de ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.71 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.71 281
192.168.1.71 255.255.255.255 On-link 192.168.1.71 281
192.168.1.255 255.255.255.255 On-link 192.168.1.71 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.71 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.71 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/18/2012 08:45:19 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 71.1.168.192.in-addr.arpa. PTR madge-PC.local.

Error: (04/18/2012 08:45:19 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353 18 71.1.168.192.in-addr.arpa. PTR madge-PC-2.local.

Error: (04/18/2012 04:51:26 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 71.1.168.192.in-addr.arpa. PTR madge-PC.local.

Error: (04/18/2012 04:51:26 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.71:5353 18 71.1.168.192.in-addr.arpa. PTR madge-PC-2.local.

Error: (04/18/2012 03:46:21 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MADGE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PWC5DXIE.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/18/2012 03:46:21 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MADGE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PWC5DXIE.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/18/2012 03:46:21 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MADGE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PWC5DXIE.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/18/2012 03:46:21 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MADGE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PWC5DXIE.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/18/2012 03:46:21 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MADGE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PWC5DXIE.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/18/2012 03:46:21 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MADGE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PWC5DXIE.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (11/28/2008 01:39:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:45:22 AM on 11/9/2008 was unexpected.

Error: (11/08/2008 11:07:36 PM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (11/08/2008 11:07:36 PM) (Source: Service Control Manager) (User: )
Description: Bonjour Service

Error: (11/08/2008 11:06:58 PM) (Source: Service Control Manager) (User: )
Description: AVG Network redirector%%2

Error: (11/08/2008 11:05:42 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/08/2008 11:05:29 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:53:47 PM on 11/8/2008 was unexpected.

Error: (11/07/2008 03:32:35 PM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (11/07/2008 03:32:34 PM) (Source: Service Control Manager) (User: )
Description: Bonjour Service

Error: (11/07/2008 03:31:14 PM) (Source: Service Control Manager) (User: )
Description: AVG Network redirector%%2

Error: (11/07/2008 03:30:14 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player (Version: 10.1.4.20)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 6.2.3.10)
aioscnnr (Version: 7.3.4.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.6.255.207)
Atheros Driver Installation Program (Version: 5.0)
AutoUpdate (Version: 1.1)
avast! Free Antivirus (Version: 7.0.1426.0)
Blue Iris (Version: 2.42.00)
Bluetooth Stack for Windows by Toshiba (Version: v5.00.10(T))
Bonjour (Version: 3.0.0.10)
C4USelfUpdater (Version: 1.00.0000)
CCleaner (Version: 3.14)
CCScore (Version: 7.00.0000.0001)
CD/DVD Drive Acoustic Silencer (Version: 2.00.02)
center (Version: 6.2.5.0)
Combined Community Codec Pack 2008-09-21 16:18 (Version: 2008.09.21.0)
ConvertXtoDVD 3.4.7.121 (Version: 3.4.7.121)
Desktop Dialer
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
doPDF 7.2 printer
DVD MovieFactory for TOSHIBA (Version: 5.3)
EPSON Printer Software
ESSBrwr (Version: 7.01.0000.0001)
ESSCDBK (Version: 7.01.0000.0002)
ESScore (Version: 7.01.0000.0012)
essentials (Version: 6.0.14.0)
ESSgui (Version: 7.01.0000.0002)
ESSini (Version: 7.01.0000.0002)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.01.0000.0001)
GetDiz 4.2 (Version: 4.2)
getPlus® for Adobe (Version: 1.5.2.35)
Google Chrome (Version: 18.0.1025.162)
Google Desktop (Version: 5.7.0806.10245)
Google Earth (Version: 4.2.181.2634)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.111)
H.264 Decoder (Version: 1.0.0)
iCloud (Version: 1.0.2.17)
ImgBurn (Version: 2.5.4.0)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak AIO Printer (Version: 7.3.4.0)
KODAK AiO Software (Version: 7.3.8.20)
Kodak EasyShare software
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Masque IGT Slots Little Green Men (Version: 1.0.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Works (Version: 08.05.0818)
Microsoft XML Parser (Version: 8.20.8730.4)
MKV Splitter (Version: 1.0.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nero Burning ROM 10 (Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
Nero Update (Version: 1.0.0018)
ocr (Version: 6.2.3.50)
OfotoXMI (Version: 7.01.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PandoraRecovery (Remove Only)
Portrait Professional Studio 9.0 (Version: 9.0)
PreReq (Version: 6.2.3.0)
QuickTime (Version: 7.71.80.42)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5322)
SeaTools for Windows (Version: 1.2.0.5)
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 7.01.0000.0003)
SKINXSDK (Version: 7.01.0000.0001)
staticcr (Version: 7.01.0000.0005)
Synaptics Pointing Device Driver (Version: 12.2.11.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.23.0000)
TIPCI (Version: 1.23.0000)
tooltips (Version: 7.01.0000.0001)
TOSHIBA Assist (Version: 2.00.00)
TOSHIBA ConfigFree (Version: 7.00.21)
TOSHIBA Disc Creator (Version: 2.0.0.0a)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.00.00)
TOSHIBA Flash Cards Support Utility (Version: 1.45.50.1C)
TOSHIBA Game Console
TOSHIBA Hardware Setup (Version: 1.45.50.8C)
TOSHIBA Media Center Game Console
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Utilities (Version: 1.6)
TOSHIBA Software Modem
TOSHIBA Software Upgrades (Version: 4.0)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.45.50.5C)
TOSHIBA Value Added Package (Version: 1.0.8)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4320.15)
TurboTax 2009
TurboTax 2009 WinBizFedFormset (Version: 009.000.0915)
TurboTax 2009 WinBizReleaseEngine (Version: 009.000.0236)
TurboTax 2009 WinBizTaxSupport (Version: 009.000.0167)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wohiper (Version: 009.000.0853)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinBizFedFormset (Version: 010.000.1695)
TurboTax 2010 WinBizReleaseEngine (Version: 010.000.0287)
TurboTax 2010 WinBizTaxSupport (Version: 010.000.1122)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wohiper (Version: 010.000.1608)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinBizFedFormset (Version: 011.000.1793)
TurboTax 2011 WinBizReleaseEngine (Version: 011.000.0487)
TurboTax 2011 WinBizTaxSupport (Version: 011.000.1323)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wohiper (Version: 011.000.1629)
TurboTax 2011 wohsbpm (Version: 011.000.0377)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Business 2009
TurboTax Business 2010
TurboTax Business 2011
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 0.0.50.4C)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Video Snapshot and Thumbnail Maker 1.5.1 TRIAL
VLC media player 1.1.10 (Version: 1.1.10)
VPRINTOL (Version: 7.01.0000.0001)
Windows Live installer (Version: 12.0.1471.1025)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Vista Upgrade Advisor (Version: 1.0.4)
WinDVD for TOSHIBA (Version: 8.0-B6.107)
WinRAR archiver
WIRELESS (Version: 7.01.0000.0001)

========================= Devices: ================================

Name: isatap.Belkin
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 1525.38 MB
Available physical RAM: 673.27 MB
Total Pagefile: 3316.57 MB
Available Pagefile: 2312.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.03 MB

========================= Partitions: =====================================

1 Drive c: (SQ004286V02) (Fixed) (Total:110.32 GB) (Free:25.3 GB) NTFS

========================= Users: ========================================

User accounts for \\MADGE-PC

Administrator Guest madge


**** End of log ****

#5 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 18 April 2012 - 08:36 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
madge :: MADGE-PC [administrator]

Protection: Disabled

4/18/2012 9:24:16 PM
mbam-log-2012-04-18 (21-24-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198504
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 18 April 2012 - 09:04 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 21:48:26
-----------------------------
21:48:26.175 OS Version: Windows 6.0.6002 Service Pack 2
21:48:26.175 Number of processors: 2 586 0xE0C
21:48:26.175 ComputerName: MADGE-PC UserName: madge
21:48:28.125 Initialize success
21:48:29.139 AVAST engine defs: 12041802
21:49:02.242 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:49:02.258 Disk 0 Vendor: TOSHIBA_MK1237GSX DL130M Size: 114473MB BusType: 3
21:49:02.289 Disk 0 MBR read successfully
21:49:02.305 Disk 0 MBR scan
21:49:02.305 Disk 0 Windows VISTA default MBR code
21:49:02.336 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:49:02.336 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
21:49:02.352 Disk 0 scanning sectors +234440704
21:49:02.414 Disk 0 scanning C:\Windows\system32\drivers
21:49:18.560 Service scanning
21:49:57.488 Modules scanning
21:50:11.241 Disk 0 trace - called modules:
21:50:11.266 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:50:11.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85016780]
21:50:11.643 3 CLASSPNP.SYS[8749f8b3] -> nt!IofCallDriver -> [0x84efe918]
21:50:11.651 5 acpi.sys[82e436bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84edb678]
21:50:12.475 AVAST engine scan C:\Windows
21:50:18.825 AVAST engine scan C:\Windows\system32
21:56:25.116 AVAST engine scan C:\Windows\system32\drivers
21:56:46.262 AVAST engine scan C:\Users\madge
22:02:45.967 Disk 0 MBR has been saved successfully to "C:\Users\madge\Desktop\MBR.dat"
22:02:45.982 The log file has been saved successfully to "C:\Users\madge\Desktop\aswMBR.txt"

#7 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • PipPipPipPipPipPip
  • 27,236 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 April 2012 - 09:24 PM

All looks clean so far.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif



#8 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 23 April 2012 - 08:40 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-23 21:36:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1237GSX rev.DL130M
Running: gmer.exe; Driver: C:\Users\madge\AppData\Local\Temp\uwloypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D141DF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D14285E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D1472E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D147330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D147422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D147252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D147374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D14729A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D1473DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D141E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D141AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D141E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D144D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D142B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D14730E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D147352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D147446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D147278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D1473AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D1472C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D147400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D1429CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D141EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D141F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D141B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D141CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D141C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D141D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D141F74]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 2FD 824A68F4 4 Bytes [F8, 1D, 14, 8D]
.text ntoskrnl.exe!KeInsertQueue + 381 824A6978 4 Bytes [5E, 28, 14, 8D]
.text ntoskrnl.exe!KeInsertQueue + 3C1 824A69B8 8 Bytes [E4, 72, 14, 8D, 30, 73, 14, ...]
.text ntoskrnl.exe!KeInsertQueue + 3CD 824A69C4 4 Bytes [22, 74, 14, 8D] {AND DH, [ESP+EDX-0x73]}
.text ntoskrnl.exe!KeInsertQueue + 3E5 824A69DC 4 Bytes [52, 72, 14, 8D]
.text ...
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 8262655F 4 Bytes CALL 8D1431B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 82654013 4 Bytes CALL 8D1431CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 8183FC70 5 Bytes JMP 8D14567C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + 104A 8184FE7E 5 Bytes JMP 8D14570C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 81858ED9 5 Bytes JMP 8D1462EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 81859CC5 5 Bytes JMP 8D146450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 81862427 5 Bytes JMP 8D144D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 8186337E 5 Bytes JMP 8D1460BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F6 8186EAB7 5 Bytes JMP 8D145536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4569 8186FF2A 5 Bytes JMP 8D144F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46B8 81870079 5 Bytes JMP 8D1457E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C4D 8187060E 5 Bytes JMP 8D1457FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119EE 81889A85 3 Bytes JMP 8D145384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119F2 81889A89 1 Byte [0B]
.text win32k.sys!EngMapFontFileFD + 11A42 81889AD9 5 Bytes JMP 8D145562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 818B0ABE 5 Bytes JMP 8D145F8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 818B341D 5 Bytes JMP 8D144E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 818B9D6E 5 Bytes JMP 8D144FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 818C420C 5 Bytes JMP 8D1464F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 818C70F4 5 Bytes JMP 8D144E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 818D0F17 5 Bytes JMP 8D14607C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B973 818E14A0 5 Bytes JMP 8D145724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 818E5692 5 Bytes JMP 8D146232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F65 818EBD33 5 Bytes JMP 8D146036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 818EF4CA 5 Bytes JMP 8D146180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 818F6DE9 5 Bytes JMP 8D144F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 81915384 5 Bytes JMP 8D1451AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 8191AC02 5 Bytes JMP 8D1450B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 8191E73A 5 Bytes JMP 8D1463A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 375D 81936B04 5 Bytes JMP 8D14573C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 8193CC47 3 Bytes JMP 8D145104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A13 8193CC4B 1 Byte [0B]
.text win32k.sys!EngLineTo + D229 81949461 5 Bytes JMP 8D1452E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10C9A 8194CED2 5 Bytes JMP 8D145248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[248] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[624] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[632] KERNEL32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[640] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7782A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1776] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1800] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1948] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1960] kernel32.dll!GetBinaryTypeW + 70 77852467 1 Byte [62]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[764] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[764] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73C6F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74C87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74CDA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74C8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74C7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74C875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74C7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74CB8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74C8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74C7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74C7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74C771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74CAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74C7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74C76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74C7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3344] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74C82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3788] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73C6F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#9 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • PipPipPipPipPipPip
  • 27,236 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 23 April 2012 - 08:43 PM

I don't see anything malicious.

I suggest you start new topic in Windows forum.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif



#10 gamestationoh

gamestationoh

    New Member

  • Members
  • Pip
  • 12 posts

Posted 23 April 2012 - 08:53 PM

Thank you!
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·