
malwarebytes acting suspicious


9 replies to this topic

#1 eno-spreads-magic

eno-spreads-magic

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 23 February 2012 - 09:57 AM

Hi
I have issues with my computer that I believed were fixed but have come back.
I ran SUPERAntiSpyware and quarantined - Trojan.Agent/Gen-fareit and multiple adware tracking cookies.
But when I tried to run Malwarebytes the program froze, which I thought I'd heard could be an infection taking control of the program.
I uninstalled Malwarebytes and once complete I tried to update it, which immediately closes and I have to open it again.
Anyway, I just ignored the update and tried a normal scan... this too forces the program to close!!
I'm sorry if this issue has already been covered; I did look but couldn't find an exact same issue thread.
Can you help? Maybe I have a rootkit or something?
Thanks for your time



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:02 AM

Posted 23 February 2012 - 10:21 AM

Download

TDSSkiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here
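
For the logs those three tools produce, here is a small triage script, added as an example for this thread; it is not part of narenxp's instructions nor code from TDSSKiller, GMER or aswMBR. It parses the verdict lines TDSSKiller writes and the SSDT hook lines GMER writes, reports anything TDSSKiller marks as other than "ok", and groups GMER's SSDT hooks by the driver that installed them, flagging any driver GMER could not describe. The sample log lines are constructed for the example: the GMER lines copy the format of the log posted later in this thread, while the TDSSKiller "infected" entry and the undescribed hook are hypothetical, made up only to exercise the non-ok paths (the detection-name layout in parentheses is an assumption, not TDSSKiller's documented format).

```python
import re
from collections import defaultdict

# Constructed sample of TDSSKiller log lines, modelled on the format in this
# thread: "<time> <tid> <subject> - <verdict>" for verdict lines, and
# "<time> <tid> <name> (<md5>) <path>" for the inventory line before it.
# The "examplebad" entries are hypothetical, added only to exercise the
# non-"ok" path; the "( <detection> )" layout is an assumption.
TDSS_SAMPLE = r"""
11:24:49.0171 3880 ACPI (8fd99680a539792a30e97944fdaecf17) I:\WINDOWS\system32\DRIVERS\ACPI.sys
11:24:49.0187 3880 ACPI - ok
11:24:49.0281 3880 adpu160m - ok
11:25:01.0000 3880 examplebad (00000000000000000000000000000000) I:\WINDOWS\system32\drivers\examplebad.sys
11:25:01.0010 3880 examplebad ( Rootkit.Win32.Example ) - infected
11:25:06.0843 3880 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:07.0265 3880 \Device\Harddisk0\DR0 - ok
11:25:07.0328 3684 Detected object count: 1
"""

# Constructed sample of GMER "System" section lines: the first four copy the
# format of the log posted later in this thread; the last line is hypothetical,
# an SSDT hook by a driver for which GMER prints no description.
GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF1D5CFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1DC1510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF1D806A9]
SSDT \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF1EF5640]
SSDT \??\I:\WINDOWS\system32\drivers\unknownhook.sys ZwQueryDirectoryFile [0xF2A00000]
"""

# Verdict line: "<time> <tid> <subject> - <verdict>". Inventory lines carry no
# " - " separator, so they do not match.
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(?P<subject>.+?)\s+-\s+(?P<verdict>\S+)$")
# Hypothetical detection layout "<name> ( <detection> )" inside the subject.
DETECTION_RE = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<detection>[^)]+?)\s*\)$")


def tdss_findings(log_text):
    """Return (subject, verdict, detection-or-None) for every verdict other than 'ok'."""
    findings = []
    for line in log_text.splitlines():
        m = VERDICT_RE.match(line.strip())
        if not m or m.group("verdict").lower() == "ok":
            continue
        subject, detection = m.group("subject"), None
        d = DETECTION_RE.match(subject)
        if d:
            subject, detection = d.group("name"), d.group("detection")
        findings.append((subject, m.group("verdict"), detection))
    return findings


# SSDT line: "SSDT <module> (<description>/<vendor>) <ZwFunction> [0xADDR]";
# the parenthetical is absent when GMER has no description for the module.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)(?:\s+\((?P<desc>.+?)\))?\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)


def ssdt_hooks_by_module(gmer_text):
    """Group SSDT hooks by the driver that installed them: {module: {vendor, funcs}}."""
    hooks = defaultdict(lambda: {"vendor": None, "funcs": []})
    for line in gmer_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        entry = hooks[m.group("module")]
        if m.group("desc"):
            entry["vendor"] = m.group("desc").rsplit("/", 1)[-1]
        entry["funcs"].append(m.group("func"))
    return dict(hooks)


def undescribed_hooks(gmer_text):
    """Modules hooking the SSDT that GMER printed no description for: the entries
    to look at first, since hooks by installed security products are expected."""
    return sorted(mod for mod, info in ssdt_hooks_by_module(gmer_text).items()
                  if info["vendor"] is None)


if __name__ == "__main__":
    for subject, verdict, det in tdss_findings(TDSS_SAMPLE):
        print(f"TDSSKiller: {subject} -> {verdict}" + (f" [{det}]" if det else ""))
    for mod, info in ssdt_hooks_by_module(GMER_SAMPLE).items():
        print(f"GMER SSDT: {len(info['funcs']):2d} hook(s) by {mod} "
              f"({info['vendor'] or 'no description'})")
    print("Needs review:", undescribed_hooks(GMER_SAMPLE) or "nothing")
```

Run against the real logs, the script reads each file and prints the same summary. In the GMER log posted further down in this thread every SSDT hook is attributed to the installed avast! and SUPERAntiSpyware drivers, which is the expected, benign picture for a machine running those products; the value of grouping is that such a result is visible at a glance instead of being read out of fifty near-identical lines.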

#3 eno-spreads-magic

eno-spreads-magic
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 24 February 2012 - 08:10 AM

Hi
Thanks for the very quick reply and help. I have downloaded and run the said programs, and here are the logs -

11:24:28.0437 3804 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
11:24:28.0562 3804 ============================================================
11:24:28.0562 3804 Current date / time: 2012/02/24 11:24:28.0562
11:24:28.0562 3804 SystemInfo:
11:24:28.0562 3804
11:24:28.0562 3804 OS Version: 5.1.2600 ServicePack: 3.0
11:24:28.0562 3804 Product type: Workstation
11:24:28.0562 3804 ComputerName: SPECKLED-B87335
11:24:28.0562 3804 UserName: Us
11:24:28.0562 3804 Windows directory: I:\WINDOWS
11:24:28.0562 3804 System windows directory: I:\WINDOWS
11:24:28.0562 3804 Processor architecture: Intel x86
11:24:28.0562 3804 Number of processors: 1
11:24:28.0562 3804 Page size: 0x1000
11:24:28.0562 3804 Boot type: Normal boot
11:24:28.0562 3804 ============================================================
11:24:30.0343 3804 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:24:30.0437 3804 \Device\Harddisk0\DR0:
11:24:30.0437 3804 MBR used
11:24:30.0437 3804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:24:30.0515 3804 Initialize success
11:24:30.0515 3804 ============================================================
11:24:47.0921 3880 ============================================================
11:24:47.0921 3880 Scan started
11:24:47.0921 3880 Mode: Manual; TDLFS;
11:24:47.0921 3880 ============================================================
11:24:49.0015 3880 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) I:\WINDOWS\system32\drivers\Aavmker4.sys
11:24:49.0015 3880 Aavmker4 - ok
11:24:49.0046 3880 Abiosdsk - ok
11:24:49.0062 3880 abp480n5 - ok
11:24:49.0171 3880 ACPI (8fd99680a539792a30e97944fdaecf17) I:\WINDOWS\system32\DRIVERS\ACPI.sys
11:24:49.0187 3880 ACPI - ok
11:24:49.0250 3880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) I:\WINDOWS\system32\drivers\ACPIEC.sys
11:24:49.0265 3880 ACPIEC - ok
11:24:49.0281 3880 adpu160m - ok
11:24:49.0359 3880 aec (8bed39e3c35d6a489438b8141717a557) I:\WINDOWS\system32\drivers\aec.sys
11:24:49.0421 3880 aec - ok
11:24:49.0500 3880 AFD (1e44bc1e83d8fd2305f8d452db109cf9) I:\WINDOWS\System32\drivers\afd.sys
11:24:49.0515 3880 AFD - ok
11:24:49.0625 3880 Aha154x - ok
11:24:49.0671 3880 aic78u2 - ok
11:24:49.0703 3880 aic78xx - ok
11:24:49.0906 3880 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) I:\WINDOWS\system32\drivers\ALCXSENS.SYS
11:24:50.0062 3880 ALCXSENS - ok
11:24:50.0171 3880 ALCXWDM (6725434f5eb0a975b7716d68566e5d86) I:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:24:50.0343 3880 ALCXWDM - ok
11:24:50.0390 3880 AliIde - ok
11:24:50.0406 3880 amsint - ok
11:24:50.0453 3880 asc - ok
11:24:50.0500 3880 asc3350p - ok
11:24:50.0531 3880 asc3550 - ok
11:24:50.0625 3880 aswFsBlk (054df24c92b55427e0757cfff160e4f2) I:\WINDOWS\system32\drivers\aswFsBlk.sys
11:24:50.0625 3880 aswFsBlk - ok
11:24:50.0656 3880 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) I:\WINDOWS\system32\drivers\aswMon2.sys
11:24:50.0671 3880 aswMon2 - ok
11:24:50.0750 3880 aswRdr (352d5a48ebab35a7693b048679304831) I:\WINDOWS\system32\drivers\aswRdr.sys
11:24:50.0765 3880 aswRdr - ok
11:24:50.0890 3880 aswSnx (8d34d2b24297e27d93e847319abfdec4) I:\WINDOWS\system32\drivers\aswSnx.sys
11:24:50.0953 3880 aswSnx - ok
11:24:51.0078 3880 aswSP (010012597333da1f46c3243f33f8409e) I:\WINDOWS\system32\drivers\aswSP.sys
11:24:51.0125 3880 aswSP - ok
11:24:51.0203 3880 aswTdi (f9f84364416658e9786235904d448d37) I:\WINDOWS\system32\drivers\aswTdi.sys
11:24:51.0218 3880 aswTdi - ok
11:24:51.0296 3880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) I:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:24:51.0312 3880 AsyncMac - ok
11:24:51.0375 3880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) I:\WINDOWS\system32\DRIVERS\atapi.sys
11:24:51.0375 3880 atapi - ok
11:24:51.0406 3880 Atdisk - ok
11:24:51.0453 3880 Atmarpc (9916c1225104ba14794209cfa8012159) I:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:24:51.0468 3880 Atmarpc - ok
11:24:51.0546 3880 audstub (d9f724aa26c010a217c97606b160ed68) I:\WINDOWS\system32\DRIVERS\audstub.sys
11:24:51.0562 3880 audstub - ok
11:24:51.0656 3880 Beep (da1f27d85e0d1525f6621372e7b685e9) I:\WINDOWS\system32\drivers\Beep.sys
11:24:51.0656 3880 Beep - ok
11:24:51.0875 3880 catchme - ok
11:24:51.0953 3880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) I:\WINDOWS\system32\drivers\cbidf2k.sys
11:24:51.0968 3880 cbidf2k - ok
11:24:52.0078 3880 CCDECODE (0be5aef125be881c4f854c554f2b025c) I:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:24:52.0109 3880 CCDECODE - ok
11:24:52.0187 3880 cd20xrnt - ok
11:24:52.0234 3880 Cdaudio (c1b486a7658353d33a10cc15211a873b) I:\WINDOWS\system32\drivers\Cdaudio.sys
11:24:52.0234 3880 Cdaudio - ok
11:24:52.0312 3880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) I:\WINDOWS\system32\drivers\Cdfs.sys
11:24:52.0328 3880 Cdfs - ok
11:24:52.0375 3880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) I:\WINDOWS\system32\DRIVERS\cdrom.sys
11:24:52.0390 3880 Cdrom - ok
11:24:52.0406 3880 Changer - ok
11:24:52.0484 3880 CmdIde - ok
11:24:52.0531 3880 Cpqarray - ok
11:24:52.0562 3880 dac2w2k - ok
11:24:52.0593 3880 dac960nt - ok
11:24:52.0640 3880 Disk (044452051f3e02e7963599fc8f4f3e25) I:\WINDOWS\system32\DRIVERS\disk.sys
11:24:52.0656 3880 Disk - ok
11:24:52.0718 3880 dmboot (d992fe1274bde0f84ad826acae022a41) I:\WINDOWS\system32\drivers\dmboot.sys
11:24:52.0750 3880 dmboot - ok
11:24:52.0781 3880 dmio (7c824cf7bbde77d95c08005717a95f6f) I:\WINDOWS\system32\drivers\dmio.sys
11:24:52.0781 3880 dmio - ok
11:24:52.0843 3880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) I:\WINDOWS\system32\drivers\dmload.sys
11:24:52.0843 3880 dmload - ok
11:24:52.0921 3880 DMusic (8a208dfcf89792a484e76c40e5f50b45) I:\WINDOWS\system32\drivers\DMusic.sys
11:24:52.0953 3880 DMusic - ok
11:24:53.0031 3880 dpti2o - ok
11:24:53.0078 3880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) I:\WINDOWS\system32\drivers\drmkaud.sys
11:24:53.0093 3880 drmkaud - ok
11:24:53.0187 3880 Fastfat (38d332a6d56af32635675f132548343e) I:\WINDOWS\system32\drivers\Fastfat.sys
11:24:53.0203 3880 Fastfat - ok
11:24:53.0281 3880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) I:\WINDOWS\system32\drivers\Fdc.sys
11:24:53.0296 3880 Fdc - ok
11:24:53.0359 3880 Fips (d45926117eb9fa946a6af572fbe1caa3) I:\WINDOWS\system32\drivers\Fips.sys
11:24:53.0375 3880 Fips - ok
11:24:53.0421 3880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) I:\WINDOWS\system32\drivers\Flpydisk.sys
11:24:53.0421 3880 Flpydisk - ok
11:24:53.0515 3880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) I:\WINDOWS\system32\drivers\fltmgr.sys
11:24:53.0531 3880 FltMgr - ok
11:24:53.0625 3880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) I:\WINDOWS\system32\drivers\Fs_Rec.sys
11:24:53.0640 3880 Fs_Rec - ok
11:24:53.0687 3880 Ftdisk (6ac26732762483366c3969c9e4d2259d) I:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:24:53.0703 3880 Ftdisk - ok
11:24:53.0765 3880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) I:\WINDOWS\system32\DRIVERS\msgpc.sys
11:24:53.0781 3880 Gpc - ok
11:24:53.0859 3880 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) I:\WINDOWS\system32\DRIVERS\hidusb.sys
11:24:53.0890 3880 HidUsb - ok
11:24:53.0984 3880 hpn - ok
11:24:54.0062 3880 HPZid412 (30ca91e657cede2f95359d6ef186f650) I:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:24:54.0062 3880 HPZid412 - ok
11:24:54.0171 3880 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) I:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:24:54.0171 3880 HPZipr12 - ok
11:24:54.0203 3880 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) I:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:24:54.0203 3880 HPZius12 - ok
11:24:54.0265 3880 HTTP (f80a415ef82cd06ffaf0d971528ead38) I:\WINDOWS\system32\Drivers\HTTP.sys
11:24:54.0296 3880 HTTP - ok
11:24:54.0328 3880 i2omgmt - ok
11:24:54.0359 3880 i2omp - ok
11:24:54.0453 3880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) I:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:24:54.0468 3880 i8042prt - ok
11:24:54.0531 3880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) I:\WINDOWS\system32\DRIVERS\imapi.sys
11:24:54.0546 3880 Imapi - ok
11:24:54.0609 3880 ini910u - ok
11:24:54.0640 3880 IntelIde - ok
11:24:54.0718 3880 intelppm (8c953733d8f36eb2133f5bb58808b66b) I:\WINDOWS\system32\DRIVERS\intelppm.sys
11:24:54.0718 3880 intelppm - ok
11:24:54.0812 3880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) I:\WINDOWS\system32\drivers\ip6fw.sys
11:24:54.0828 3880 Ip6Fw - ok
11:24:54.0890 3880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) I:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:24:54.0906 3880 IpFilterDriver - ok
11:24:54.0968 3880 IpInIp (b87ab476dcf76e72010632b5550955f5) I:\WINDOWS\system32\DRIVERS\ipinip.sys
11:24:54.0984 3880 IpInIp - ok
11:24:55.0093 3880 IpNat (cc748ea12c6effde940ee98098bf96bb) I:\WINDOWS\system32\DRIVERS\ipnat.sys
11:24:55.0093 3880 IpNat - ok
11:24:55.0171 3880 IPSec (23c74d75e36e7158768dd63d92789a91) I:\WINDOWS\system32\DRIVERS\ipsec.sys
11:24:55.0187 3880 IPSec - ok
11:24:55.0234 3880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) I:\WINDOWS\system32\DRIVERS\irenum.sys
11:24:55.0250 3880 IRENUM - ok
11:24:55.0312 3880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) I:\WINDOWS\system32\DRIVERS\isapnp.sys
11:24:55.0328 3880 isapnp - ok
11:24:55.0390 3880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) I:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:24:55.0406 3880 Kbdclass - ok
11:24:55.0468 3880 kmixer (692bcf44383d056aed41b045a323d378) I:\WINDOWS\system32\drivers\kmixer.sys
11:24:55.0484 3880 kmixer - ok
11:24:55.0562 3880 KSecDD (b467646c54cc746128904e1654c750c1) I:\WINDOWS\system32\drivers\KSecDD.sys
11:24:55.0562 3880 KSecDD - ok
11:24:55.0625 3880 lbrtfdc - ok
11:24:55.0703 3880 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) I:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:24:55.0718 3880 MBAMSwissArmy - ok
11:24:55.0812 3880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) I:\WINDOWS\system32\drivers\mnmdd.sys
11:24:55.0828 3880 mnmdd - ok
11:24:55.0890 3880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) I:\WINDOWS\system32\drivers\Modem.sys
11:24:55.0890 3880 Modem - ok
11:24:55.0968 3880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) I:\WINDOWS\system32\DRIVERS\mouclass.sys
11:24:55.0968 3880 Mouclass - ok
11:24:56.0093 3880 mouhid (b1c303e17fb9d46e87a98e4ba6769685) I:\WINDOWS\system32\DRIVERS\mouhid.sys
11:24:56.0109 3880 mouhid - ok
11:24:56.0265 3880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) I:\WINDOWS\system32\drivers\MountMgr.sys
11:24:56.0265 3880 MountMgr - ok
11:24:56.0343 3880 mraid35x - ok
11:24:56.0609 3880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) I:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:24:56.0625 3880 MRxDAV - ok
11:24:56.0765 3880 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) I:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:24:56.0781 3880 MRxSmb - ok
11:24:56.0953 3880 Msfs (c941ea2454ba8350021d774daf0f1027) I:\WINDOWS\system32\drivers\Msfs.sys
11:24:56.0953 3880 Msfs - ok
11:24:57.0031 3880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) I:\WINDOWS\system32\drivers\MSKSSRV.sys
11:24:57.0046 3880 MSKSSRV - ok
11:24:57.0093 3880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) I:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:24:57.0109 3880 MSPCLOCK - ok
11:24:57.0140 3880 MSPQM (bad59648ba099da4a17680b39730cb3d) I:\WINDOWS\system32\drivers\MSPQM.sys
11:24:57.0156 3880 MSPQM - ok
11:24:57.0187 3880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) I:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:24:57.0203 3880 mssmbios - ok
11:24:57.0250 3880 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) I:\WINDOWS\system32\drivers\MSTEE.sys
11:24:57.0265 3880 MSTEE - ok
11:24:57.0343 3880 Mup (de6a75f5c270e756c5508d94b6cf68f5) I:\WINDOWS\system32\drivers\Mup.sys
11:24:57.0359 3880 Mup - ok
11:24:57.0437 3880 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:24:57.0453 3880 NABTSFEC - ok
11:24:57.0593 3880 NDIS (1df7f42665c94b825322fae71721130d) I:\WINDOWS\system32\drivers\NDIS.sys
11:24:57.0609 3880 NDIS - ok
11:24:57.0671 3880 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) I:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:24:57.0687 3880 NdisIP - ok
11:24:57.0750 3880 NdisTapi (0109c4f3850dfbab279542515386ae22) I:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:24:57.0765 3880 NdisTapi - ok
11:24:57.0875 3880 Ndisuio (f927a4434c5028758a842943ef1a3849) I:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:24:57.0890 3880 Ndisuio - ok
11:24:57.0953 3880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) I:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:24:57.0953 3880 NdisWan - ok
11:24:58.0031 3880 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) I:\WINDOWS\system32\drivers\NDProxy.sys
11:24:58.0062 3880 NDProxy - ok
11:24:58.0156 3880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) I:\WINDOWS\system32\DRIVERS\netbios.sys
11:24:58.0171 3880 NetBIOS - ok
11:24:58.0296 3880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) I:\WINDOWS\system32\DRIVERS\netbt.sys
11:24:58.0296 3880 NetBT - ok
11:24:58.0437 3880 Npfs (3182d64ae053d6fb034f44b6def8034a) I:\WINDOWS\system32\drivers\Npfs.sys
11:24:58.0437 3880 Npfs - ok
11:24:58.0484 3880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) I:\WINDOWS\system32\drivers\Ntfs.sys
11:24:58.0500 3880 Ntfs - ok
11:24:58.0578 3880 Null (73c1e1f395918bc2c6dd67af7591a3ad) I:\WINDOWS\system32\drivers\Null.sys
11:24:58.0593 3880 Null - ok
11:24:58.0671 3880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) I:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:24:58.0671 3880 NwlnkFlt - ok
11:24:58.0734 3880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) I:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:24:58.0734 3880 NwlnkFwd - ok
11:24:58.0812 3880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) I:\WINDOWS\system32\DRIVERS\parport.sys
11:24:58.0828 3880 Parport - ok
11:24:58.0921 3880 PartMgr (beb3ba25197665d82ec7065b724171c6) I:\WINDOWS\system32\drivers\PartMgr.sys
11:24:58.0921 3880 PartMgr - ok
11:24:59.0000 3880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) I:\WINDOWS\system32\drivers\ParVdm.sys
11:24:59.0000 3880 ParVdm - ok
11:24:59.0109 3880 PCI (a219903ccf74233761d92bef471a07b1) I:\WINDOWS\system32\DRIVERS\pci.sys
11:24:59.0125 3880 PCI - ok
11:24:59.0187 3880 PCIDump - ok
11:24:59.0218 3880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) I:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:59.0218 3880 PCIIde - ok
11:24:59.0281 3880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) I:\WINDOWS\system32\drivers\Pcmcia.sys
11:24:59.0281 3880 Pcmcia - ok
11:24:59.0312 3880 PDCOMP - ok
11:24:59.0343 3880 PDFRAME - ok
11:24:59.0375 3880 PDRELI - ok
11:24:59.0406 3880 PDRFRAME - ok
11:24:59.0437 3880 perc2 - ok
11:24:59.0515 3880 perc2hib - ok
11:24:59.0625 3880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) I:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:59.0640 3880 PptpMiniport - ok
11:24:59.0687 3880 PSched (09298ec810b07e5d582cb3a3f9255424) I:\WINDOWS\system32\DRIVERS\psched.sys
11:24:59.0718 3880 PSched - ok
11:24:59.0750 3880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) I:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:59.0750 3880 Ptilink - ok
11:24:59.0812 3880 PxHelp20 (0457e25bb122b854e267cf552dcdc370) I:\WINDOWS\system32\Drivers\PxHelp20.sys
11:24:59.0812 3880 PxHelp20 - ok
11:24:59.0906 3880 ql1080 - ok
11:24:59.0968 3880 Ql10wnt - ok
11:24:59.0984 3880 ql12160 - ok
11:25:00.0015 3880 ql1240 - ok
11:25:00.0046 3880 ql1280 - ok
11:25:00.0109 3880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) I:\WINDOWS\system32\DRIVERS\rasacd.sys
11:25:00.0140 3880 RasAcd - ok
11:25:00.0250 3880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:25:00.0250 3880 Rasl2tp - ok
11:25:00.0312 3880 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:25:00.0312 3880 RasPppoe - ok
11:25:00.0359 3880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys
11:25:00.0375 3880 Raspti - ok
11:25:00.0453 3880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys
11:25:00.0468 3880 Rdbss - ok
11:25:00.0531 3880 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:25:00.0531 3880 RDPCDD - ok
11:25:00.0671 3880 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:25:00.0750 3880 rdpdr - ok
11:25:00.0890 3880 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) I:\WINDOWS\system32\drivers\RDPWD.sys
11:25:00.0890 3880 RDPWD - ok
11:25:01.0015 3880 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys
11:25:01.0015 3880 redbook - ok
11:25:01.0171 3880 rtl8139 (d507c1400284176573224903819ffda3) I:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:25:01.0187 3880 rtl8139 - ok
11:25:01.0281 3880 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) I:\WINDOWS\system32\DRIVERS\s115bus.sys
11:25:01.0296 3880 s115bus - ok
11:25:01.0343 3880 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) I:\WINDOWS\system32\DRIVERS\s115mgmt.sys
11:25:01.0343 3880 s115mgmt - ok
11:25:01.0375 3880 s115obex (089869db9ffd2ac807fa87fe82ac7761) I:\WINDOWS\system32\DRIVERS\s115obex.sys
11:25:01.0390 3880 s115obex - ok
11:25:01.0531 3880 SASDIFSV (39763504067962108505bff25f024345) I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:25:01.0562 3880 SASDIFSV - ok
11:25:01.0593 3880 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:25:01.0593 3880 SASKUTIL - ok
11:25:01.0703 3880 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys
11:25:01.0718 3880 Secdrv - ok
11:25:01.0781 3880 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys
11:25:01.0796 3880 serenum - ok
11:25:01.0828 3880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) I:\WINDOWS\system32\DRIVERS\serial.sys
11:25:01.0843 3880 Serial - ok
11:25:01.0906 3880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\drivers\Sfloppy.sys
11:25:01.0921 3880 Sfloppy - ok
11:25:01.0984 3880 Simbad - ok
11:25:02.0062 3880 SiS315 (21f008471170f16393479f08d38628e4) I:\WINDOWS\system32\DRIVERS\sisgrp.sys
11:25:02.0078 3880 SiS315 - ok
11:25:02.0156 3880 SiSkp (2df5907ded7f620414abf4c3b80004da) I:\WINDOWS\system32\DRIVERS\srvkp.sys
11:25:02.0171 3880 SiSkp - ok
11:25:02.0281 3880 SLIP (866d538ebe33709a5c9f5c62b73b7d14) I:\WINDOWS\system32\DRIVERS\SLIP.sys
11:25:02.0312 3880 SLIP - ok
11:25:02.0343 3880 Sparrow - ok
11:25:02.0453 3880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys
11:25:02.0468 3880 splitter - ok
11:25:02.0515 3880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys
11:25:02.0531 3880 sr - ok
11:25:02.0687 3880 Srv (47ddfc2f003f7f9f0592c6874962a2e7) I:\WINDOWS\system32\DRIVERS\srv.sys
11:25:02.0718 3880 Srv - ok
11:25:02.0812 3880 streamip (77813007ba6265c4b6098187e6ed79d2) I:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:25:02.0828 3880 streamip - ok
11:25:02.0890 3880 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys
11:25:02.0890 3880 swenum - ok
11:25:02.0984 3880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys
11:25:03.0000 3880 swmidi - ok
11:25:03.0046 3880 symc810 - ok
11:25:03.0078 3880 symc8xx - ok
11:25:03.0140 3880 sym_hi - ok
11:25:03.0171 3880 sym_u3 - ok
11:25:03.0218 3880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys
11:25:03.0218 3880 sysaudio - ok
11:25:03.0468 3880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys
11:25:03.0468 3880 Tcpip - ok
11:25:03.0578 3880 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys
11:25:03.0593 3880 TDPIPE - ok
11:25:03.0640 3880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys
11:25:03.0640 3880 TDTCP - ok
11:25:03.0718 3880 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys
11:25:03.0750 3880 TermDD - ok
11:25:03.0812 3880 TosIde - ok
11:25:03.0890 3880 uagp35 (d85938f272d1bcf3db3a31fc0a048928) I:\WINDOWS\system32\DRIVERS\uagp35.sys
11:25:03.0906 3880 uagp35 - ok
11:25:03.0968 3880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys
11:25:03.0968 3880 Udfs - ok
11:25:04.0015 3880 ultra - ok
11:25:04.0171 3880 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys
11:25:04.0187 3880 Update - ok
11:25:04.0265 3880 USBAAPL - ok
11:25:04.0312 3880 usbaudio (e919708db44ed8543a7c017953148330) I:\WINDOWS\system32\drivers\usbaudio.sys
11:25:04.0328 3880 usbaudio - ok
11:25:04.0406 3880 usbccgp (173f317ce0db8e21322e71b7e60a27e8) I:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:25:04.0406 3880 usbccgp - ok
11:25:04.0453 3880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys
11:25:04.0484 3880 usbehci - ok
11:25:04.0531 3880 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys
11:25:04.0531 3880 usbhub - ok
11:25:04.0562 3880 usbohci (0daecce65366ea32b162f85f07c6753b) I:\WINDOWS\system32\DRIVERS\usbohci.sys
11:25:04.0578 3880 usbohci - ok
11:25:04.0625 3880 usbprint (a717c8721046828520c9edf31288fc00) I:\WINDOWS\system32\DRIVERS\usbprint.sys
11:25:04.0625 3880 usbprint - ok
11:25:04.0671 3880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) I:\WINDOWS\system32\DRIVERS\usbscan.sys
11:25:04.0687 3880 usbscan - ok
11:25:04.0750 3880 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:25:04.0781 3880 usbstor - ok
11:25:04.0875 3880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys
11:25:04.0890 3880 VgaSave - ok
11:25:04.0906 3880 ViaIde - ok
11:25:04.0984 3880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys
11:25:05.0000 3880 VolSnap - ok
11:25:05.0468 3880 VX1000 (2fbf9e882fc28a315a86aa1f831c144e) I:\WINDOWS\system32\DRIVERS\VX1000.sys
11:25:05.0703 3880 VX1000 - ok
11:25:05.0890 3880 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys
11:25:05.0921 3880 Wanarp - ok
11:25:06.0046 3880 WDICA - ok
11:25:06.0156 3880 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys
11:25:06.0171 3880 wdmaud - ok
11:25:06.0421 3880 WSTCODEC (c98b39829c2bbd34e454150633c62c78) I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:25:06.0437 3880 WSTCODEC - ok
11:25:06.0546 3880 WudfPf (f15feafffbb3644ccc80c5da584e6311) I:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:25:06.0562 3880 WudfPf - ok
11:25:06.0750 3880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) I:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:25:06.0765 3880 WudfRd - ok
11:25:06.0843 3880 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:25:07.0265 3880 \Device\Harddisk0\DR0 - ok
11:25:07.0281 3880 Boot (0x1200) (302e3b3bc8b050366681a1286c790dc0) \Device\Harddisk0\DR0\Partition0
11:25:07.0281 3880 \Device\Harddisk0\DR0\Partition0 - ok
11:25:07.0281 3880 ============================================================
11:25:07.0281 3880 Scan finished
11:25:07.0281 3880 ============================================================
11:25:07.0328 3684 Detected object count: 0
11:25:07.0328 3684 Actual detected object count: 0
11:25:14.0031 3204 Deinitialize success



GMER log -




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-24 12:35:51
Windows 5.1.2600 Service Pack 3
Running: ggdej3b0.exe; Driver: I:\DOCUME~1\Us\LOCALS~1\Temp\ffadrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF1D5CFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1DC1510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF1D806A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF1D5F456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF1D5F4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF1D5F5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF1D8005D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF1D5F3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF1D5F4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF1D5F400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF1D5F572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF1D5CFE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF1D80D6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF1D81025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF1D5F848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF1D80BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF1D80A45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF1DC15C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF1D5CDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF1D5D00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF1D5F9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF1D5DAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF1D5F486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF1D5F4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF1D5F5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF1D803B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF1D5F3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF1D5F680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF1D5F53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF1D5F42E]
.text I:\WINDOWS\vVX1000.exe[1992] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text I:\WINDOWS\vVX1000.exe[1992] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text I:\WINDOWS\vVX1000.exe[1992] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text I:\WINDOWS\vVX1000.exe[1992] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text I:\WINDOWS\vVX1000.exe[1992] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text I:\Documents and Settings\Us\My Documents\Downloads\ggdej3b0.exe[2224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text I:\WINDOWS\system32\wscntfy.exe[2308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\wscntfy.exe[2308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\wscntfy.exe[2308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\wscntfy.exe[2308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\wscntfy.exe[2308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text I:\WINDOWS\system32\wscntfy.exe[2308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text I:\WINDOWS\system32\wscntfy.exe[2308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text I:\WINDOWS\system32\wscntfy.exe[2308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text I:\WINDOWS\system32\wscntfy.exe[2308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text I:\WINDOWS\system32\wscntfy.exe[2308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text I:\WINDOWS\system32\svchost.exe[2488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[2488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[2488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[2488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\svchost.exe[2488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\svchost.exe[2488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[2488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[2488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[2488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[2488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\System32\alg.exe[2612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\System32\alg.exe[2612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\System32\alg.exe[2612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\System32\alg.exe[2612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\System32\alg.exe[2612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text I:\WINDOWS\System32\alg.exe[2612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text I:\WINDOWS\System32\alg.exe[2612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text I:\WINDOWS\System32\alg.exe[2612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text I:\WINDOWS\System32\alg.exe[2612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text I:\WINDOWS\System32\alg.exe[2612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01255B60 I:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 02E71014
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 02E70804
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 02E70A08
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 02E70C0C
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 02E70E10
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 02E701F8
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02E703FC
.text I:\Program Files\Mozilla Firefox\firefox.exe[3600] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 02E70600

---- User IAT/EAT - GMER 1.0.15 ----

IAT I:\WINDOWS\system32\services.exe[616] @ I:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT I:\WINDOWS\system32\services.exe[616] @ I:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Asw log -

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 12:36:52
-----------------------------
12:36:52.781 OS Version: Windows 5.1.2600 Service Pack 3
12:36:52.781 Number of processors: 1 586 0x409
12:36:52.781 ComputerName: SPECKLED-B87335 UserName: Us
12:36:53.750 Initialize success
12:36:54.500 AVAST engine defs: 12022300
12:37:46.546 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
12:37:46.546 Disk 0 Vendor: ST3808110AS 3.AAE Size: 76319MB BusType: 3
12:37:46.546 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS f795cf26
12:37:46.593 Disk 1 MBR read successfully
12:37:46.593 Disk 1 MBR scan
12:37:46.593 Disk 1 Windows XP default MBR code
12:37:46.593 Disk 1 MBR hidden
12:37:46.593 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
12:37:46.765 Disk 1 scanning I:\WINDOWS\system32\drivers
12:38:40.984 Service scanning
12:38:53.687 Modules scanning
12:39:48.046 Disk 1 trace - called modules:
12:39:48.046 ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll
12:39:48.546 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x85c9ea90]
12:39:48.843 AVAST engine scan I:\WINDOWS
12:40:24.093 AVAST engine scan I:\WINDOWS\system32
12:50:56.546 AVAST engine scan I:\WINDOWS\system32\drivers
12:52:16.843 AVAST engine scan I:\Documents and Settings\Us
13:07:02.812 AVAST engine scan I:\Documents and Settings\All Users
13:07:22.859 Scan finished successfully
13:07:39.000 Disk 1 MBR has been saved successfully to "I:\Documents and Settings\Us\Desktop\MBR.dat"
13:07:39.015 The log file has been saved successfully to "I:\Documents and Settings\Us\Desktop\aswMBR.txt"

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 February 2012 - 08:13 AM

That looks suspicious

Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

12:37:46.593 Disk 1 MBR hidden


Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot let me know what it finds

#5 eno-spreads-magic

  • Topic Starter
  • Members
  • 5 posts

Posted 24 February 2012 - 09:19 AM

It just said tidserv(?) has not been found on this machine; then when I OK'd that, it said complete, so I pressed cancel and it said all files had not been checked, did I really want to quit? So I said no and it closed anyway.
It did appear to have been completed.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 February 2012 - 09:28 AM

Download

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#7 eno-spreads-magic

  • Topic Starter
  • Members
  • 5 posts

Posted 24 February 2012 - 07:29 PM

Thanks,
here is the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 125):

Processes (total 30):
0 System Idle Process
4 System
484 I:\WINDOWS\system32\smss.exe
540 csrss.exe
564 I:\WINDOWS\system32\winlogon.exe
608 I:\WINDOWS\system32\services.exe
620 I:\WINDOWS\system32\lsass.exe
780 I:\WINDOWS\system32\svchost.exe
824 svchost.exe
892 I:\WINDOWS\system32\svchost.exe
984 svchost.exe
1208 I:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1492 I:\WINDOWS\explorer.exe
1772 I:\WINDOWS\system32\spoolsv.exe
1988 I:\Program Files\Bonjour\mDNSResponder.exe
2032 I:\Program Files\Java\jre6\bin\jqs.exe
224 I:\WINDOWS\system32\HPZipm12.exe
516 I:\WINDOWS\system32\svchost.exe
1860 alg.exe
2584 I:\WINDOWS\soundman.exe
2592 I:\Program Files\Alwil Software\Avast5\AvastUI.exe
2628 I:\WINDOWS\vVX1000.exe
2680 I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2720 I:\WINDOWS\system32\sistray.exe
2880 I:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
2952 svchost.exe
3124 I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
3596 I:\Program Files\Mozilla Firefox\firefox.exe
536 I:\WINDOWS\system32\wscntfy.exe
1896 I:\Documents and Settings\Us\Desktop\MBRCheck.exe

\\.\I: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3808110AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
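As an added example (not part of this thread or of the GMER, aswMBR or MBRCheck tools), a small Python triage script that parses the three report formats posted above, escalates the two lines narenxp pointed at ("sector 00: rootkit-like behavior" and "MBR hidden"), and records that MBRCheck's "MBR code detected" verdict does not clear a disk the kernel-level tools flag. The embedded log lines are constructed from the formats above, and the description of how MBRCheck reads the disk is an assumption.

```python
# Added example: cross-tool triage of the GMER, aswMBR and MBRCheck reports
# posted in this thread.  Not part of the thread or of any of the three tools;
# the sample logs are constructed to match the formats posted above.
import re

GMER_LOG = r"""
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""
ASWMBR_LOG = r"""
12:37:46.593 Disk 1 MBR read successfully
12:37:46.593 Disk 1 Windows XP default MBR code
12:37:46.593 Disk 1 MBR hidden
12:37:46.593 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
13:07:22.859 Scan finished successfully
"""
MBRCHECK_LOG = r"""
Size Device Name MBR Status
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
"""

# One line regex per report.  GMER names the disk \Device\HarddiskN\DRn, aswMBR
# calls it "Disk N" (its trace line ties Disk 1 to \Device\Harddisk1 in the log
# above), and MBRCheck uses the Win32 name \\.\PhysicalDriveN.
GMER_SECTOR_RE = re.compile(
    r"^Disk \\Device\\Harddisk(?P<disk>\d+)\\DR\d+ sector (?P<sector>[0-9A-Fa-f]+): (?P<msg>.+)$"
)
ASWMBR_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+) Disk (?P<disk>\d+) (?P<msg>.+)$")
MBRCHECK_RE = re.compile(r"^(?P<size>\d+ GB) \\\\\.\\PhysicalDrive(?P<disk>\d+) (?P<msg>.+)$")

# aswMBR messages worth escalating; "MBR hidden" is the one flagged in the thread.
SUSPICIOUS_ASWMBR = ("MBR hidden",)


def parse_report(regex, text):
    """Return the named groups of every line of `text` that matches `regex`."""
    hits = (regex.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in hits if m]


def triage(gmer, aswmbr, mbrcheck):
    """Combine the three reports into a findings list and a verdict.

    "corroborated": GMER and aswMBR flag the same disk index (this thread's case);
    "single-tool": only one of them flags a disk; "clean": neither does.
    """
    findings, gmer_disks, asw_disks = [], set(), set()
    for f in parse_report(GMER_SECTOR_RE, gmer):
        if "rootkit" in f["msg"].lower():
            findings.append(f"GMER: Harddisk{f['disk']} sector {f['sector']}: {f['msg']}")
            gmer_disks.add(f["disk"])
    for e in parse_report(ASWMBR_RE, aswmbr):
        if e["msg"] in SUSPICIOUS_ASWMBR:
            findings.append(f"aswMBR: Disk {e['disk']} {e['msg']} (at {e['time']})")
            asw_disks.add(e["disk"])
    flagged = gmer_disks | asw_disks
    # MBRCheck reads the MBR through the ordinary \\.\PhysicalDriveN path and
    # compares the boot code with known-good images (assumption about the tool;
    # its output shows only the path and the verdict), so "MBR code detected"
    # cannot clear a disk the kernel-level tools flag: the disagreement is itself
    # a finding to report.
    for r in parse_report(MBRCHECK_RE, mbrcheck):
        if flagged and "MBR code detected" in r["msg"]:
            findings.append(
                f"MBRCheck: PhysicalDrive{r['disk']} reports '{r['msg']}' while "
                f"kernel-level tools flag disk(s) {', '.join(sorted(flagged))}"
            )
    if gmer_disks & asw_disks:
        verdict = "corroborated"
    elif flagged:
        verdict = "single-tool"
    else:
        verdict = "clean"
    return {"findings": findings, "flagged_disks": sorted(flagged), "verdict": verdict}


if __name__ == "__main__":
    report = triage(GMER_LOG, ASWMBR_LOG, MBRCHECK_LOG)
    print("verdict:", report["verdict"])
    for line in report["findings"]:
        print(" -", line)
```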

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 February 2012 - 09:31 PM

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Boot the PC into safemode with networking

Download

http://www.malwarebytes.org/mbam-clean.exe

Run the uninstaller, restart the PC, install MBAM and try to run a scan again.

good luck

#9 eno-spreads-magic

  • Topic Starter
  • Members
  • 5 posts

Posted 06 March 2012 - 08:25 AM

Hi,
thanks very much for all your help.
I have done what you said, and the first program's scan found 0 infected; I couldn't find a way to post a log for that one.
I tried the second suggestion and the problem still exists:
when I start MBAM it tells me my definitions are out by 52 days, and if I try to update it force closes.
I tried to run a scan without updating and again it force closes. This is a bit weird, don't you think?

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 March 2012 - 05:41 AM

We need to take a deeper look

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
