
strange behaviour


9 replies to this topic

#1 goved
  • Members
  • 29 posts

Posted 25 November 2011 - 04:17 AM

Hi, I have something in my PC that doesn't allow it to work properly. Some parts of the Start menu disappeared, the screen is blue (it has a picture on the desktop), some Office documents can't be opened, when I'm in the chat room the PC "talks alone" using my nickname while I just watch it, and I tried to scan with MBAM but it doesn't start. I use Windows XP Pro version 2002, SP3, have two accounts (an administrative one and a user one) and now can't start Safe Mode with the second one. Any help?

Edited by hamluis, 25 November 2011 - 05:13 AM.
Moved from XP to Am i Infected.



#2 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,176 posts
  • Location: NJ USA

Posted 25 November 2011 - 03:42 PM

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. Or, if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 goved
  • Topic Starter
  • Members
  • 29 posts

Posted 26 November 2011 - 06:43 AM

Hi, thanks for the response. I still can't open the Recycle Bin, blue screen, can't create a new Office document; I think my PC works a bit faster. MBAM didn't find anything, as in my first attempt a couple of days ago. There was a problem downloading MBAM from the links (the browser redirected me to an error page) and I got it from the MBAM.com site.
I followed all the steps; here are my logs:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8245

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.11.2011 г. 13:39:19
mbam-log-2011-11-26 (13-39-19).txt

Scan type: Quick scan
Objects scanned: 179571
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


and the SAS report:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2011 at 12:15 PM

Application Version : 5.0.1136

Core Rules Database Version : 7988
Trace Rules Database Version: 5800

Scan type : Quick Scan
Total Scan Time : 00:01:22

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 280
Memory threats detected : 0
Registry items scanned : 31876
Registry threats detected : 126
File items scanned : 6355
File threats detected : 2

Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNET3.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNET3.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNET3[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNET3[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNET3[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNET3[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX30SP1SETUP.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX30SP1SETUP.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX30SP1SETUP[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX30SP1SETUP[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX30SP1SETUP[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX30SP1SETUP[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35SETUP.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35SETUP.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35SETUP[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35SETUP[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35SETUP[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35SETUP[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX35[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3SETUP.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3SETUP.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3SETUP[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3SETUP[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3SETUP[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3SETUP[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_IA64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_IA64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_IA64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_IA64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_IA64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_IA64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_X64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_X64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_X64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_X64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_X64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX3_X64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DOTNETFX[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_IA64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_IA64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_IA64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_IA64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_IA64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_IA64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X86.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X86.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X86[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X86[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X86[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP1_X86[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_IA64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_IA64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_IA64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_IA64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_IA64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_IA64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X86.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X86.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X86[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X86[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X86[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX20SP2_X86[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X86.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X86.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X86[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X86[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X86[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX30SP1_X86[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_IA64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_IA64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_IA64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_IA64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_IA64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_IA64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X64[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X86.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X86.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X86[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X86[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X86[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX35_X86[2].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX64.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX64.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX64[1].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX64[1].EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX64[2].EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NETFX64[2].EXE#Debugger

Adware.Tracking Cookie
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER1\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER1\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2011 at 12:41 PM

Application Version : 5.0.1136

Core Rules Database Version : 7988
Trace Rules Database Version: 5800

Scan type : Complete Scan
Total Scan Time : 00:19:06

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 251
Memory threats detected : 0
Registry items scanned : 36385
Registry threats detected : 0
File items scanned : 33830
File threats detected : 60

Adware.Tracking Cookie
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnportal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
counter.search.bg [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.smartadserver.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.zanox.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zanox.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ghmedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cmpmedica.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.lbimedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\USER2\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Edited by goved, 26 November 2011 - 09:13 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:14 PM

Posted 26 November 2011 - 10:30 PM

Good, how's the Start menu?

Run these 2 now and see how it is running after.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 goved

goved
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:14 PM

Posted 27 November 2011 - 06:10 AM

Well, I had problems following your steps. After I ran MiniToolBox and the report was created, I wasn't able to post it to the forum. When I copy and try to paste here, nothing appears, just a white empty field; I can't even type a letter. I saved the report as an attachment to my e-mail and now I'm writing from another computer and hope to send the report. Hope it is complete. It is strange, but I saw many accounts in the report. I have only two: User1 and User2. User1 is administrative; User2 I use only for surfing and office work. Where the rest came from I have no idea. I still have a blue screen when I use the User2 account, and all of the shortcuts in the start menu are missing. Does something in my PC try to hide or modify my attempts at recovery? The ESET scanner didn't find anything.
Here is my log made by MiniToolBox:
MiniToolBox by Farbar
Ran by User1 (administrator) on 27-11-2011 at 10:41:44
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pc1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : slvn.ddns.bulsat.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : slvn.ddns.bulsat.com

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-19-66-87-32-25

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.114

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 46.40.72.9

192.168.0.1

Lease Obtained. . . . . . . . . . : 27 Ноември 2011 г. 10:38:10

Lease Expires . . . . . . . . . . : 04 Декември 2011 г. 10:38:10

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 46.40.72.9

Name: google.com
Addresses: 74.125.39.106, 74.125.39.99, 74.125.39.103, 74.125.39.104
74.125.39.147, 74.125.39.105



Pinging google.com [74.125.39.106] with 32 bytes of data:



Reply from 74.125.39.106: bytes=32 time=49ms TTL=55

Reply from 74.125.39.106: bytes=32 time=49ms TTL=55



Ping statistics for 74.125.39.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 49ms, Average = 49ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 46.40.72.9

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=175ms TTL=45

Reply from 209.191.122.70: bytes=32 time=175ms TTL=45



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 175ms, Maximum = 175ms, Average = 175ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 46.40.72.9

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 66 87 32 25 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.114 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.114 192.168.0.114 20
192.168.0.114 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.114 192.168.0.114 20
224.0.0.0 240.0.0.0 192.168.0.114 192.168.0.114 20
255.255.255.255 255.255.255.255 192.168.0.114 192.168.0.114 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)


========================= Event log errors: ===============================

Application errors:
==================
Error: (10/06/2011 09:50:12 AM) (Source: Microsoft Management Console) (User: )
Description: mmc.exe5.2.3790.4136ntdll.dll5.1.2600.5512000109f9

Error: (10/03/2011 00:30:19 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows ended GPO processing because the computer shut down or the user logged off.

Error: (07/22/2011 03:20:47 PM) (Source: MsiInstaller) (User: User2)User2
Description: Product: Skype™ 5.3 -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Skype\Phone\Skype.exe.

Error: (07/21/2011 10:50:39 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/21/2011 09:50:38 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/21/2011 08:50:37 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config:
source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/21/2011 07:50:36 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/11/2011 02:05:04 PM) (Source: MsiInstaller) (User: User2)User2
Description: Product: Skype™ 5.3 -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Skype\Phone\Skype.exe.

Error: (07/07/2011 07:47:00 AM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.

Error: (07/04/2011 02:47:14 PM) (Source: Google Update) (User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0


System errors:
=============
Error: (11/26/2011 01:08:57 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2011 00:22:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
AmdK8
aswSnx
aswSP
aswTdi
Fips
SASDIFSV
SASKUTIL

Error: (11/26/2011 00:21:35 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2011 00:17:30 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2011 11:57:41 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
AmdK8
aswSnx
aswSP
aswTdi
Fips

Error: (11/26/2011 11:56:30 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/26/2011 10:18:38 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/20/2011 00:01:23 PM) (Source: 0) (User: )
Description: 0.0.0.0:2869

Error: (10/20/2011 00:01:21 PM) (Source: 0) (User: )
Description: 0.0.0.0:2869

Error: (10/17/2011 00:41:52 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (10/06/2011 09:50:12 AM) (Source: Microsoft Management Console)(User: )
Description: mmc.exe5.2.3790.4136ntdll.dll5.1.2600.5512000109f9

Error: (10/03/2011 00:30:19 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description:

Error: (07/22/2011 03:20:47 PM) (Source: MsiInstaller)(User: User2)User2
Description: Product: Skype™ 5.3 -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Skype\Phone\Skype.exe.(NULL)(NULL)(NULL)

Error: (07/21/2011 10:50:39 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/21/2011 09:50:38 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/21/2011 08:50:37 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/21/2011 07:50:36 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config:
source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0

Error: (07/11/2011 02:05:04 PM) (Source: MsiInstaller)(User: User2)User2
Description: Product: Skype™ 5.3 -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Skype\Phone\Skype.exe.(NULL)(NULL)(NULL)

Error: (07/07/2011 07:47:00 AM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.

Error: (07/04/2011 02:47:14 PM) (Source: Google Update)(User: SYSTEM)SYSTEM
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://tools.google.com/service/update2
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0


=========================== Installed Programs ============================

Асистент за влизане на Windows Live (Version: 5.000.818.5)
Инструмент за качване на Windows Live (Version: 14.0.8014.1029)
µTorrent (Version: 2.2.1)
32 Bit HP CIO Components Installer (Version: 1.0.0)
470_Help (Version: 1.00.0000)
470_Readme (Version: 1.00.0000)
7-Zip 9.20
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Reader X (10.0.1) (Version: 10.0.1)
avast! Free Antivirus (Version: 6.0.1091.0)
BPD_HPSU (Version: 1.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 90.0.146.000)
Bulgarian (Phonetic) - REAL (Version: 1.0.3.40)
CCleaner (Version: 3.06)
CustomerResearchQFolder (Version: 1.00.0000)
Defraggler (Version: 2.04)
DeviceDiscovery (Version: 90.0.205.000)
DeviceManagementQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
Google Chrome (Version: 15.0.874.121)
Google SketchUp 8 (Version: 3.0.3117)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.79)
H470 (Version: 50.0.165.000)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP Officejet H470 Series (Version: 1.0)
HP Solution Center 9.0 (Version: 9.0)
HPProductAssistant (Version: 90.0.146.000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
K-Lite Codec Pack 7.0.0 (Full) (Version: 7.0.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 2.0 Client Service Pack 2 (Version: 3.5.30729)
Microsoft .NET Framework 3.0 Client Service Pack 2 (Version: 3.5.30729)
Microsoft .NET Framework 3.5 Client Service Pack 1 (Version: 3.5.30729)
Microsoft .NET Framework Client Profile (Version: 3.5)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 4.0 (x86 bg) (Version: 4.0)
MPM (Version: 1.00.0000)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Drivers
Opera 11.10 (Version: 11.10.2092)
Picasa 3 (Version: 3.8)
ProductContext (Version: 50.0.165.000)
Realtek High Definition Audio Driver (Version: 5.10.0.5286)
Recuva (Version: 1.40)
SA Dictionary 2010 Beta 1 (Version: 6.10.1)
Segoe UI (Version: 14.0.4327.805)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.108)
SolutionCenter (Version: 90.0.146.000)
StarCam Clip (Version: 5.16.0.301)
Status (Version: 90.0.146.000)
SUPERAntiSpyware (Version: 5.0.1136)
Toolbox (Version: 90.0.146.000)
Total Commander (Remove or Repair) (Version: 7.56a)
TrayApp (Version: 90.0.146.000)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Winamp (Version: 5.601 )
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.00 (32-битова версия) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 1791.23 MB
Available physical RAM: 1236.6 MB
Total Pagefile: 3686 MB
Available Pagefile: 3223.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:19.53 GB) (Free:13.07 GB) NTFS
2 Drive d: () (Fixed) (Total:576.64 GB) (Free:442 GB) NTFS

========================= Users: ========================================

User accounts for \\PC1

Administrator Guest HelpAssistant
SUPPORT_388945a0 User1 User2

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

P.S. I wrote this post twice; my first was edited by someone and part of the post was deleted. I put the missing part in again.

Edited by goved, 27 November 2011 - 12:04 PM.
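The log above raises the question of where the extra accounts came from. Administrator, Guest, HelpAssistant and SUPPORT_388945a0 are built-in accounts that every Windows XP installation carries, so only User1 and User2 are user-created, but checking that by eye across a long Result.txt is error-prone. The script below is an added example, not part of this thread and not code from MiniToolBox or its author: it splits a report in the same "===== Name: =====" layout into sections and flags three things a helper looks at first, namely hosts-file entries other than the loopback defaults, Winsock providers that are not Microsoft DLLs under System32, and local accounts outside the XP built-in set. The embedded report is constructed; the extra hosts line, the fourth Catalog5 provider and the "helpdesk" account are planted so the checks have something to find.

```python
"""Triage helper for a MiniToolBox-style Result.txt (constructed example).

Splits the report into its '===== Name: =====' sections and flags extra
hosts-file entries, non-Microsoft Winsock providers and local accounts
that are not Windows XP built-ins.
"""
import re

# Section banner, e.g. "========================= Hosts content: ====="
SECTION_RE = re.compile(r"^=+\s+([^=]+?)\s*:?\s*=+$")
# Winsock line, e.g. "Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")

# Accounts every Windows XP installation creates; anything else was added later.
XP_BUILTIN_ACCOUNTS = {"Administrator", "Guest", "HelpAssistant", "SUPPORT_388945a0"}
# Only loopback mappings are expected in a clean hosts file.
EXPECTED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_sections(text):
    """Map each section banner name to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def hosts_anomalies(lines):
    """Return hosts entries other than the loopback defaults (comments ignored)."""
    found = []
    for line in lines:
        entry = line.split("#", 1)[0].split()
        if len(entry) >= 2 and (entry[0], entry[1]) not in EXPECTED_HOSTS:
            found.append(" ".join(entry))
    return found


def winsock_anomalies(lines):
    """Return Winsock providers that are not Microsoft DLLs under System32."""
    found = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, publisher = m.groups()
        in_system32 = "\\system32\\" in path.lower()
        if publisher != "Microsoft Corporation" or not in_system32:
            found.append(f"{catalog} {index} {path} ({publisher or 'no publisher'})")
    return found


def user_anomalies(lines):
    """Return account names that are not Windows XP built-ins."""
    names = []
    for line in lines:
        if line.startswith("User accounts for") or line.startswith("The command"):
            continue
        names.extend(line.split())
    return [n for n in names if n not in XP_BUILTIN_ACCOUNTS]


def triage(report_text):
    """Run all three checks and return their findings keyed by check name."""
    s = parse_sections(report_text)
    return {
        "hosts": hosts_anomalies(s.get("Hosts content", [])),
        "winsock": winsock_anomalies(s.get("Winsock entries", [])),
        "users": user_anomalies(s.get("Users", [])),
    }


# Constructed sample in the MiniToolBox layout (not the thread's real log).
SAMPLE_REPORT = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
0.0.0.0 updates.example.invalid   # constructed: planted update-host block

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Documents and Settings\User2\Local Settings\Temp\lsp_x.dll [12800] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Users: ========================================

User accounts for \\PC1

Administrator Guest HelpAssistant
SUPPORT_388945a0 User1 User2
helpdesk

========================= Minidump Files ==================================

No minidump file found
"""

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_REPORT).items():
        print(f"{check}: {hits or 'nothing unusual'}")
```

Run against the real Result.txt, the "users" list for the log above would contain only User1 and User2, which is exactly the pair goved expects; the built-in set is the assumption the check rests on, so extend it if the report comes from a different Windows version.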


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:14 PM

Posted 27 November 2011 - 01:23 PM

Do you speak Russian? There are some apps in Russian on here.

Let's take one more look.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 goved

goved
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:14 PM

Posted 28 November 2011 - 05:07 AM

Yes, I could manage apps in Russian. I ran GMER and here is my log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-28 11:09:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-14 WDC_WD6400AAKS-08A7B0 rev.01.03B01
Running: 7eplg53x.exe; Driver: C:\DOCUME~1\User1\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB60A2202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6108C48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB60C66A1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB60A47F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB60A4848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB60A495E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB60C6055]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB60A4746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB60A4898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB60A479A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB60A490C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB60A2226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB60C6D67]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB60C701D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB60A4BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB60C6BD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB60C6A3D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6108CF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB60A1FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB60A224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB60A4D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB60A2CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB60A4820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB60A4870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB60A4988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB60C63B1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB60A4772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB60A4A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB60A48D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB60A47C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB60A4AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB60A4936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6108D90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB60C68B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB60A2BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB60C670A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6111CAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB60C56C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB60A226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB60A2292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB60A204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB60A2186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB60C6E6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB60A2162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB60A21AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB60A22B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB611E762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C8C 80504518 5 Bytes [98, 48, 0A, B6, 9A]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C92 8050451E 2 Bytes [0A, B6]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504644 5 Bytes [D8, 48, 0A, B6, C8] {FMUL DWORD [EAX+0xa]; MOV DH, 0xc8}
.text ntkrnlpa.exe!ZwCallbackReturn + 2DBE 8050464A 2 Bytes [0A, B6]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL B60A3335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP B611A11E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP B611BBBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP B611E766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA052360, 0x2456AE, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP B60A5CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP B60A5BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP B60A4E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP B60A4F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP B60A5E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP B60A5B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP B60A6014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP B60A4FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP B60A4E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP B60A5F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP B60A5D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP B60A5BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP B60A52FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP B60A5180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP B60A5326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP B60A503E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP B60A4D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP B60A50AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP B60A50E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP B60A4EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP B60A5008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP B60A5440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP B60A5ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[164] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[164] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[164] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[164] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[164] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[164] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[164] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[260] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[260] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[592] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[592] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[592] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\smss.exe[672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[744] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[788] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[788] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[800] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[788] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
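As an added example that is not part of this thread or of GMER, here is a small Python triage helper for the ".text" hook lines GMER prints (the line format seen in the log above): it parses each line, groups hooks by process, and separates the exports hooked in every process from those only one process carries. The sample log inside it is constructed in that format, and its reading of the result (an identical hook set everywhere usually belongs to one security product; a lone hook is what deserves a closer look) is a triage heuristic of this example, not something the thread states.

```python
"""GMER ".text" hook-line triage (added example; not part of the thread or of GMER).
Each such line records one inline patch of an exported function in one process, e.g.
  .text C:\\WINDOWS\\system32\\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
The helpers parse these lines, group them by process, and separate exports hooked in
every process from those only a single process carries.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# image path, [pid], module!symbol, optional "+ offset", patched address, patch size,
# then GMER's free-text description of the patch ("JMP 002C01F8", "[62]", ...).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
JMP_RE = re.compile(r"\bJMP\s+([0-9A-Fa-f]{8})\b")
ProcKey = Tuple[str, int]  # (image path, pid)


@dataclass(frozen=True)
class Hook:
    image: str                 # full path of the hooked process
    pid: int
    module: str                # DLL whose export was patched
    symbol: str                # export name, with "+offset" when GMER printed one
    address: int               # patched address inside the DLL
    size: int                  # number of patched bytes
    patch: str                 # GMER's description of the patch
    jmp_target: Optional[int]  # destination of a "JMP xxxxxxxx" patch, else None

    @property
    def export(self) -> str:
        return f"{self.module}!{self.symbol}"


def parse_hook_line(line: str) -> Optional[Hook]:
    """Return a Hook for one GMER '.text' line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    symbol = m["symbol"] + (f"+{m['offset']}" if m["offset"] else "")
    jmp = JMP_RE.search(m["patch"])
    return Hook(image=m["image"], pid=int(m["pid"]), module=m["module"], symbol=symbol,
                address=int(m["addr"], 16), size=int(m["size"]), patch=m["patch"],
                jmp_target=int(jmp.group(1), 16) if jmp else None)


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Parse every hook line of a GMER log, skipping section headers and other sections."""
    return [h for h in (parse_hook_line(ln) for ln in text.splitlines()) if h]


def hooks_by_process(hooks: List[Hook]) -> Dict[ProcKey, Set[str]]:
    groups: Dict[ProcKey, Set[str]] = defaultdict(set)
    for h in hooks:
        groups[(h.image, h.pid)].add(h.export)
    return dict(groups)


def split_common_unique(hooks: List[Hook]) -> Tuple[Set[str], Dict[ProcKey, Set[str]]]:
    """Exports hooked in every process, plus per process the exports hooked nowhere else.
    Triage heuristic (this example's assumption, not a GMER rule): an identical hook set in
    all processes usually comes from one security product; a lone hook deserves a closer look.
    """
    groups = hooks_by_process(hooks)
    if not groups:
        return set(), {}
    common = set.intersection(*groups.values())
    seen_in: Dict[str, int] = defaultdict(int)
    for exports in groups.values():
        for export in exports:
            seen_in[export] += 1
    unique = {proc: {e for e in exports if seen_in[e] == 1} for proc, exports in groups.items()}
    return common, {proc: u for proc, u in unique.items() if u}


# Constructed sample in GMER's line format (not a real scan): two processes carry the
# same two hooks, the third carries one export that no other process has.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Example\tray.exe[2222] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Example\tray.exe[2222] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Example\tray.exe[2222] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B0600
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    common, unique = split_common_unique(hooks)
    print(f"{len(hooks)} hooks across {len(hooks_by_process(hooks))} processes; in all:", sorted(common))
    for (image, pid), exports in unique.items():
        print(f"only in {image}[{pid}]:", sorted(exports))
```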

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:14 PM

Posted 28 November 2011 - 10:39 PM

Ok, download Security Check from HERE and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


We need to repair some of Windows' internal registration settings.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box.
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section.
  • Then press the GO button at the bottom of the window.
  • Exit/Close Dial-A-Fix

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 goved

goved
  • Topic Starter

  • Members
  • 29 posts

Posted 29 November 2011 - 05:13 AM

Here is the log. I checked the User1 account: I saw different reports.
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
Mozilla Firefox (x86 bg..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

I put here the log for the User2 account:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
Mozilla Firefox (x86 bg..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

system32 AvastSvc.exe -?-
``````````End of Log````````````

And here is the log from Dial-a-fix:

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 7.0.5730.13
MPC: 55274-640
CPU: AMD Athlon™ 64 X2 Dual Core Processor 4200+ (~2220MHz)
CPU: CPU is 64-bit or has 64-bit extensions
CPU: 2 CPU cores present
BIOS: 09.4.2008 г.
Memory (approx): 1791MB
Uptime: 0 hour(s)
Current directory: C:\DOCUME~1\User1\LOCALS~1\Temp\Rar$EX17.736\Dial-a-fix-v0.60.0.24
---

29.11.2011 г. 12:35:56 -- Dial-a-fix : [v0.60.0.24] -- started
12:35:56 | Policy scan started
12:35:56 | Policy scan ended - no restrictive policies were found
--- MSI ---
12:36:03 | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
12:36:12 | Unregistered: C:\WINDOWS\system32\msxml.dll
12:36:12 | Registered: C:\WINDOWS\system32\msxml.dll
12:36:12 | Unregistered: C:\WINDOWS\system32\msxml2.dll
12:36:13 | Registered: C:\WINDOWS\system32\msxml2.dll
12:36:14 | Unregistered: C:\WINDOWS\system32\msxml3.dll
12:36:14 | Registered: C:\WINDOWS\system32\msxml3.dll
12:36:14 | Unregistered: C:\WINDOWS\system32\qmgr.dll
12:36:14 | Registered: C:\WINDOWS\system32\qmgr.dll
12:36:14 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
12:36:14 | Registered: C:\WINDOWS\system32\qmgrprxy.dll
12:36:14 | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:36:14 | Registered: C:\WINDOWS\system32\winhttp.dll
12:36:14 | Registered: C:\WINDOWS\system32\wuapi.dll
12:36:14 | Unregistered: C:\WINDOWS\system32\wuaueng.dll
12:36:15 | Registered: C:\WINDOWS\system32\wuaueng.dll
12:36:15 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
12:36:15 | Registered: C:\WINDOWS\system32\wuaueng1.dll
12:36:15 | Unregistered: C:\WINDOWS\system32\wucltui.dll
12:36:15 | Registered: C:\WINDOWS\system32\wucltui.dll
12:36:15 | Unregistered: C:\WINDOWS\system32\wups.dll
12:36:15 | Registered: C:\WINDOWS\system32\wups.dll
12:36:15 | Unregistered: C:\WINDOWS\system32\wuweb.dll
12:36:15 | Registered: C:\WINDOWS\system32\wuweb.dll
12:36:15 | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
12:36:25 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
12:36:30 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
12:36:30 | Registered: C:\WINDOWS\system32\cryptdlg.dll
12:36:30 | Unregistered: C:\WINDOWS\system32\cryptui.dll
12:36:30 | Registered: C:\WINDOWS\system32\cryptui.dll
12:36:30 | Unregistered: C:\WINDOWS\system32\cryptext.dll
12:36:30 | Registered: C:\WINDOWS\system32\cryptext.dll
12:36:30 | Unregistered: C:\WINDOWS\system32\dssenh.dll
12:36:30 | Registered: C:\WINDOWS\system32\dssenh.dll
12:36:30 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
12:36:30 | Registered: C:\WINDOWS\system32\gpkcsp.dll
12:36:30 | Unregistered: C:\WINDOWS\system32\initpki.dll
12:36:46 | Registered: C:\WINDOWS\system32\initpki.dll
12:36:46 | Unregistered: C:\WINDOWS\system32\licdll.dll
12:36:46 | Registered: C:\WINDOWS\system32\licdll.dll
12:36:46 | Unregistered: C:\WINDOWS\system32\mssign32.dll
12:36:46 | Registered: C:\WINDOWS\system32\mssign32.dll
12:36:46 | Unregistered: C:\WINDOWS\system32\mssip32.dll
12:36:47 | Registered: C:\WINDOWS\system32\mssip32.dll
12:36:47 | Unregistered: C:\WINDOWS\system32\scardssp.dll
12:36:47 | Registered: C:\WINDOWS\system32\scardssp.dll
12:36:47 | Unregistered: C:\WINDOWS\system32\sccbase.dll
12:36:47 | Registered: C:\WINDOWS\system32\sccbase.dll
12:36:47 | Unregistered: C:\WINDOWS\system32\scecli.dll
12:36:47 | Registered: C:\WINDOWS\system32\scecli.dll
12:36:47 | Unregistered: C:\WINDOWS\system32\softpub.dll
12:36:47 | Registered: C:\WINDOWS\system32\softpub.dll
12:36:47 | Unregistered: C:\WINDOWS\system32\slbcsp.dll
12:36:48 | Registered: C:\WINDOWS\system32\slbcsp.dll
12:36:48 | Unregistered: C:\WINDOWS\system32\regwizc.dll
12:36:48 | Registered: C:\WINDOWS\system32\regwizc.dll
12:36:48 | Unregistered: C:\WINDOWS\system32\rsaenh.dll
12:36:48 | Registered: C:\WINDOWS\system32\rsaenh.dll
12:36:48 | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:36:48 | Registered: C:\WINDOWS\system32\winhttp.dll
12:36:48 | Unregistered: C:\WINDOWS\system32\wintrust.dll
12:36:48 | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
12:36:48 | Registered: C:\WINDOWS\system32\acelpdec.ax
12:36:48 | Registered: C:\WINDOWS\system32\actxprxy.dll
12:36:48 | Registered: C:\WINDOWS\system32\asctrls.ocx
12:36:48 | Registered: C:\WINDOWS\system32\daxctle.ocx
12:36:48 | Registered: C:\WINDOWS\system32\hhctrl.ocx
12:36:49 | Registered: C:\WINDOWS\system32\l3codecx.ax
12:36:49 | Registered: C:\WINDOWS\system32\licmgr10.dll
12:36:49 | Registered: C:\WINDOWS\system32\mpg4ds32.ax
12:36:50 | Registered: C:\WINDOWS\system32\msdxm.ocx
12:36:50 | Registered: C:\WINDOWS\system32\proctexe.ocx
12:36:50 | Registered: C:\WINDOWS\system32\tdc.ocx
12:36:50 | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
12:36:51 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
12:36:51 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
12:36:51 | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
12:36:52 | Registered: C:\WINDOWS\system32\quartz.dll
12:36:52 | Registered: C:\WINDOWS\system32\danim.dll
12:36:52 | Registered: C:\WINDOWS\system32\dmscript.dll
12:36:52 | Registered: C:\WINDOWS\system32\dmstyle.dll
12:36:52 | Registered: C:\WINDOWS\system32\dxmasf.dll
12:36:52 | Registered: C:\WINDOWS\system32\dxtmsft.dll
12:36:52 | Registered: C:\WINDOWS\system32\dxtrans.dll
12:36:52 | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
12:36:52 | Registered: C:\WINDOWS\system32\atl.dll
12:36:52 | Registered: C:\WINDOWS\system32\corpol.dll
12:36:52 | Registered: C:\WINDOWS\system32\jscript.dll
12:36:52 | Registered: C:\WINDOWS\system32\dispex.dll
12:36:52 | Registered: C:\WINDOWS\system32\scrrun.dll
12:36:52 | Registered: C:\WINDOWS\system32\scrobj.dll
12:36:52 | Registered: C:\WINDOWS\system32\vbscript.dll
12:36:52 | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
12:36:53 | Registered: C:\WINDOWS\system32\activeds.dll
12:36:53 | Registered: C:\WINDOWS\system32\audiodev.dll
12:36:53 | Registered: C:\WINDOWS\system32\browsewm.dll
12:36:53 | Registered: C:\WINDOWS\system32\cabview.dll
12:36:53 | Registered: C:\WINDOWS\system32\cdfview.dll
12:36:53 | Registered: C:\WINDOWS\system32\clbcatex.dll
12:36:53 | Registered: C:\WINDOWS\system32\clbcatq.dll
12:36:53 | Registered: C:\WINDOWS\system32\comcat.dll
12:36:53 | Registered: C:\WINDOWS\system32\cscui.dll
12:36:53 | Registered: C:\WINDOWS\system32\credui.dll
12:36:53 | Registered: C:\WINDOWS\system32\datime.dll
12:36:53 | Registered: C:\WINDOWS\system32\devmgr.dll
12:36:53 | Registered: C:\WINDOWS\system32\dfsshlex.dll
12:36:54 | Registered: C:\WINDOWS\system32\dmdlgs.dll
12:36:54 | Registered: C:\WINDOWS\system32\dmdskmgr.dll
12:36:54 | Registered: C:\WINDOWS\system32\dmloader.dll
12:36:54 | Registered: C:\WINDOWS\system32\dmocx.dll
12:36:54 | Registered: C:\WINDOWS\system32\dmview.ocx
12:36:54 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
12:36:54 | Registered: C:\WINDOWS\system32\dsuiext.dll
12:36:54 | DllInstalled: C:\WINDOWS\system32\dsquery.dll
12:36:54 | Registered: C:\WINDOWS\system32\dsquery.dll
12:36:54 | Registered: C:\WINDOWS\system32\dskquoui.dll
12:36:54 | Registered: C:\WINDOWS\system32\els.dll
12:36:54 | Registered: C:\WINDOWS\system32\es.dll
12:36:54 | Registered: C:\WINDOWS\system32\fontext.dll
12:36:54 | Registered: C:\WINDOWS\system32\hlink.dll
12:36:54 | Registered: C:\WINDOWS\system32\hnetcfg.dll
12:36:54 | Registered: C:\WINDOWS\system32\iedkcs32.dll
12:36:54 | Registered: C:\WINDOWS\system32\iepeers.dll
12:36:55 | Registered: C:\WINDOWS\system32\ils.dll
12:36:55 | Registered: C:\WINDOWS\system32\inetcfg.dll
12:36:55 | Registered: C:\WINDOWS\system32\inetcomm.dll
12:36:55 | Registered: C:\WINDOWS\system32\laprxy.dll
12:36:55 | Registered: C:\WINDOWS\system32\lmrt.dll
12:36:55 | Registered: C:\WINDOWS\system32\mlang.dll
12:36:56 | Registered: C:\WINDOWS\system32\mmcndmgr.dll
12:36:56 | Registered: C:\WINDOWS\system32\mmcshext.dll
12:36:56 | Registered: C:\WINDOWS\system32\mscoree.dll
12:36:56 | Registered: C:\WINDOWS\system32\mshtmled.dll
12:36:56 | Registered: C:\WINDOWS\system32\msoeacct.dll
12:36:56 | Registered: C:\WINDOWS\system32\msr2c.dll
12:36:56 | DllInstalled: C:\WINDOWS\system32\mydocs.dll
12:36:56 | Registered: C:\WINDOWS\system32\mydocs.dll
12:36:56 | Registered: C:\WINDOWS\system32\mstime.dll
12:36:56 | Registered: C:\WINDOWS\system32\netcfgx.dll
12:36:56 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
12:36:57 | Registered: C:\WINDOWS\system32\netplwiz.dll
12:36:57 | Registered: C:\WINDOWS\system32\netman.dll
12:36:57 | Registered: C:\WINDOWS\system32\netshell.dll
12:36:57 | Registered: C:\WINDOWS\system32\ntmsevt.dll
12:36:57 | Registered: C:\WINDOWS\system32\ntmsmgr.dll
12:36:57 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
12:36:57 | Registered: C:\WINDOWS\system32\ntmssvc.dll
12:36:57 | DllInstalled: C:\WINDOWS\system32\occache.dll
12:36:57 | Registered: C:\WINDOWS\system32\occache.dll
12:36:57 | Registered: C:\WINDOWS\system32\ole32.dll
12:36:57 | Registered: C:\WINDOWS\system32\oleaut32.dll
12:36:57 | Registered: C:\WINDOWS\system32\oleacc.dll
12:36:57 | Registered: C:\WINDOWS\system32\olepro32.dll
12:36:57 | DllInstalled: C:\WINDOWS\system32\photowiz.dll
12:36:57 | Registered: C:\WINDOWS\system32\photowiz.dll
12:36:57 | Registered: C:\WINDOWS\system32\remotepg.dll
12:36:57 | Registered: C:\WINDOWS\system32\rpcrt4.dll
12:36:57 | Registered: C:\WINDOWS\system32\rshx32.dll
12:36:58 | Registered: C:\WINDOWS\system32\sendmail.dll
12:36:58 | Registered: C:\WINDOWS\system32\slayerxp.dll
12:36:58 | Registered: C:\WINDOWS\system32\shell32.dll
12:37:00 | DllInstalled: C:\WINDOWS\system32\shell32.dll
12:37:00 | Registered: C:\WINDOWS\system32\shmedia.dll
12:37:00 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
12:37:01 | Registered: C:\WINDOWS\system32\shimgvw.dll
12:37:01 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
12:37:01 | Registered: C:\WINDOWS\system32\shsvcs.dll
12:37:01 | Registered: C:\WINDOWS\system32\srclient.dll
12:37:01 | Unregistered: C:\WINDOWS\system32\stobject.dll
12:37:01 | Registered: C:\WINDOWS\system32\stobject.dll
12:37:01 | Registered: C:\WINDOWS\system32\twext.dll
12:37:01 | DllInstalled: C:\WINDOWS\system32\urlmon.dll
12:37:01 | Registered: C:\WINDOWS\system32\urlmon.dll
12:37:01 | Registered: C:\WINDOWS\system32\userenv.dll
12:37:01 | Registered: C:\WINDOWS\system32\winhttp.dll
12:37:01 | DllInstalled: C:\WINDOWS\system32\wininet.dll
12:37:01 | Registered: C:\WINDOWS\system32\zipfldr.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
12:37:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
12:37:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
12:37:03 | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
12:37:03 | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
12:37:03 | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
12:37:03 | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
12:37:03 | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
12:37:03 | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

Must I check the User2 account with Dial-a-fix? When I try to open the Recycle Bin icon it says "The properties for this item are not available" and gives the options: Open, Explore, Open CCleaner, Starting CCleaner, Create Shortcut, Properties.

Edited by goved, 29 November 2011 - 06:10 AM.


#10 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,176 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 November 2011 - 10:17 PM

User 2 may not have Admin rights... You can run it if it'll run there.