
Help. There is something creepy going on...


  • This topic is locked
16 replies to this topic

#1 Jeff_whoa

  • Members
  • 14 posts

Posted 22 July 2012 - 03:14 PM

This is the continuation of a thread that was started here: I had formatted this unit and placed a fresh XP install on it. I am only running a few apps on it, as it has been dedicated solely for music production. I had not finished configuring it for its new job and hadn't sat down with it for a while. I had just installed Dropbox and was going to restart to finish installing my Windows Updates. After restarting, my computer said that Dropbox could not connect to the internet. When I open a browser and click a bookmark, it immediately tells me that it cannot display that site. After attempting uninstall/reinstall/reboots and such with Dropbox, I attempted to open Norton Security and run a test. Norton, however, did nothing when I clicked the link on my desktop, and I noticed that it was no longer showing in my system tray. I tried to repair it from Add/Remove Programs, but Add/Remove said that it appeared that Norton Security had already been uninstalled. Very creepy. After running various network tests at the advice of Broni (thank you), I was referred to start a new thread in this section. Below you will find the results for DDS and GMER after running Defogger.

-----------------------------------------------

DDS RESULTS
-----------------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jeff at 11:07:45 on 2012-07-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.461 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Gizmo\gservice.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GizmoDriveDelegate] "c:\program files\gizmo\gizmo.exe" /RemountStartupImages
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gizmo.lnk - c:\program files\gizmo\gizmo.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1334191277218
TCP: Interfaces\{032F0F40-012D-4C70-A53C-06FF65C4F7FE} : NameServer = 68.87.74.166,68.87.68.166
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\1f7hsh1i.default\
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-5-20 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-5-20 744568]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-18 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-18 353688]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-6-5 821880]
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [2012-4-28 25488]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-5-20 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-18 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-18 44808]
R2 Gizmo Central;Gizmo Central;c:\program files\gizmo\gservice.exe [2012-4-28 34728]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton utilities\NPROTECT.EXE [2012-7-19 135168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-7 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120608.001\IDSXpx86.sys [2012-6-8 356792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-18 136176]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-5-20 130008]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-18 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-5 113120]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120609.016\NAVENG.SYS [2012-6-9 87928]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120609.016\NAVEX15.SYS [2012-6-9 1589752]
S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [2012-4-15 31864]
S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\drivers\psabusbu.sys [2012-4-15 401016]
S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [2012-4-15 40568]
.
=============== Created Last 30 ================
.
2012-07-20 17:41:46 -------- d-----w- c:\documents and settings\jeff\application data\SUPERAntiSpyware.com
2012-07-20 17:40:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-20 17:40:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-20 15:57:10 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2012-07-20 15:56:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-20 15:56:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 15:56:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-20 03:04:06 -------- d-----w- c:\documents and settings\jeff\application data\Symantec
2012-07-20 03:03:02 94208 ----a-w- c:\windows\system32\msstkprp.dll
2012-07-20 03:03:00 -------- d-----w- c:\program files\Speed Disk
2012-07-20 03:02:04 -------- d-----w- c:\documents and settings\jeff\WINDOWS
2012-07-20 03:00:41 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2012-07-20 02:58:49 34354 ----a-w- c:\windows\system32\drivers\NPDRIVER.SYS
2012-07-20 02:58:47 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2012-07-20 02:58:47 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2012-07-20 02:58:46 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2012-07-20 02:58:46 31744 ----a-w- c:\windows\system32\S32STAT.DLL
2012-07-20 02:58:46 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2012-07-20 02:58:46 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2012-07-20 02:58:46 1046288 ----a-w- c:\windows\system32\MSJET35.DLL
2012-07-20 02:58:42 617472 ----a-w- c:\windows\system32\COMCTL32.NU6
2012-07-20 02:58:42 -------- d-----w- c:\program files\Norton Utilities
2012-07-20 02:57:43 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-19 22:38:37 -------- d-----w- c:\windows\pss
2012-07-19 22:10:00 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Google
2012-07-18 20:25:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-18 20:23:48 41224 ----a-w- c:\windows\avastSS.scr
2012-07-18 18:42:30 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-18 18:42:30 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-18 18:26:34 -------- d-----w- c:\documents and settings\jeff\application data\Dropbox
.
==================== Find3M ====================
.
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 17:13:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 17:13:02 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-07 04:38:19 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-05-07 04:38:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-28 18:05:16 25488 ----a-w- c:\windows\system32\drivers\gizmodrv.sys
.
============= FINISH: 11:14:13.98 ===============


-------------------------------------------------

GMER RESULTS

--------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-22 15:42:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980815A rev.3.ADE
Running: b2qrjhf4.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\fwldapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xACDBD536]
SSDT 868E6C38 ZwAlertResumeThread
SSDT 868E7360 ZwAlertThread
SSDT 86921B78 ZwAllocateVirtualMemory
SSDT 869C61D8 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xACDFDC31]
SSDT 86A6E3E8 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xACDC8D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xACDC8DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xACDC8F48]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB21AE710]
SSDT 86B44F28 ZwCreateMutant
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xACDC8E0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xACDC8D30]
SSDT 867BB2E0 ZwCreateSymbolicLinkObject
SSDT 86A7A118 ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xACDC8F02]
SSDT 869ACFD0 ZwDebugActiveProcess
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xACDBD584]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB21AE990]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB21AEEF0]
SSDT 867C8BC0 ZwDuplicateObject
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xACDFE162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xACDFDFCD]
SSDT 8680D750 ZwFreeVirtualMemory
SSDT 868E2600 ZwImpersonateAnonymousToken
SSDT 868E6B60 ZwImpersonateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xACDBD1EC]
SSDT 86A758E8 ZwMapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xACDBD5D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xACDC22A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xACDBF292]
SSDT 869A8970 ZwOpenEvent
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xACDC8DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xACDC8F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xACDFD941]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xACDC8D0E]
SSDT 8681AE50 ZwOpenProcess
SSDT 86A861A0 ZwOpenProcessToken
SSDT 869AA580 ZwOpenSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xACDC8D58]
SSDT 86819570 ZwOpenThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xACDC8F26]
SSDT 867BC3D8 ZwProtectVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xACDFDE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xACDBF15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xACDFDC9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xACDBED08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xACE72338]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xACDFCC58]
SSDT 868E7438 ZwResumeThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xACDBD620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xACDBD66E]
SSDT 86A90C28 ZwSetContextThread
SSDT 867ADCB8 ZwSetInformationProcess
SSDT 869AC568 ZwSetSystemInformation
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xACDBD426]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB21AF140]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xACDBD3CC]
SSDT 869AAA80 ZwSuspendProcess
SSDT 86A7B930 ZwSuspendThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xACDBD496]
SSDT 86ABA788 ZwTerminateProcess
SSDT 85E611D0 ZwTerminateThread
SSDT 86AA02D8 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xACDBD6BC]
SSDT 86812570 ZwWriteVirtualMemory

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACE7E744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23F8 80501C08 4 Bytes [E8, E3, A6, 86]
.text ntkrnlpa.exe!ZwCallbackReturn + 2444 80501C54 20 Bytes [0A, 8E, DC, AC, 30, 8D, DC, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2478 80501C88 4 Bytes [90, E9, 1A, B2]
.text ntkrnlpa.exe!ZwCallbackReturn + 252C 80501D3C 8 Bytes [E8, 58, A7, 86, D2, D5, DB, ...] {CALL 0xffffffffd286a75d; AAD 0xdb; LODSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 26C8 80501ED8 12 Bytes [20, D6, DB, AC, 6E, D6, DB, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8D6 4 Bytes CALL ACDBF943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1D9E 5 Bytes JMP ACE7B61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C16 5 Bytes JMP ACE7D0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74C0 7 Bytes JMP ACE7E748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text win32k.sys!EngFreeUserMem + 674 BF80992D 5 Bytes JMP ACDC38C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C889 5 Bytes JMP ACDC37B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813921 5 Bytes JMP ACDC376A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240FB 5 Bytes JMP ACDC2538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A65 5 Bytes JMP ACDC3A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314B0 5 Bytes JMP ACDC3C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EE7 5 Bytes JMP ACDC3670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851775 5 Bytes JMP ACDC23FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E314 5 Bytes JMP ACDC2992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E39F 5 Bytes JMP ACDC2C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649E1 5 Bytes JMP ACDC37FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731DB 5 Bytes JMP ACDC2A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873D18 5 Bytes JMP ACDC2C12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E16 5 Bytes JMP ACDC2EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943C1 5 Bytes JMP ACDC3972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E99 5 Bytes JMP ACDC3B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7E3 5 Bytes JMP ACDC25A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1D20 5 Bytes JMP ACDC26B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA1B1 5 Bytes JMP ACDC2790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA431 5 Bytes JMP ACDC28BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142E4 5 Bytes JMP ACDC24D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EB8 5 Bytes JMP ACDC2664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917831 5 Bytes JMP ACDC2D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947980 5 Bytes JMP ACDC3AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[332] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[1032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\csrss.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1112] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[1524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[1524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[1524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[1524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[1524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Jeff\Desktop\b2qrjhf4.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Jeff\Desktop\b2qrjhf4.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Gizmo\gservice.exe[2644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Gizmo\gservice.exe[2644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Gizmo\gservice.exe[2644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Gizmo\gservice.exe[2644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Gizmo\gservice.exe[2644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Gizmo\gservice.exe[2644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Gizmo\gservice.exe[2644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Gizmo\gservice.exe[2644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Gizmo\gservice.exe[2644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Gizmo\gservice.exe[2644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Apoint\Apoint.exe[3024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint\Apoint.exe[3024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Apoint\Apoint.exe[3024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint\Apoint.exe[3024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Apoint\Apoint.exe[3024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Apoint\Apoint.exe[3024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Apoint\Apoint.exe[3024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Apoint\Apoint.exe[3024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Apoint\Apoint.exe[3024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Apoint\Apoint.exe[3024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007F1014
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007F0804
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007F0A08
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007F0C0C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007F0E10
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007F01F8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007F03FC
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007F0600
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00800804
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00800A08
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00800600
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008001F8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008003FC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00731014
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00730804
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00730A08
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00730C0C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00730E10
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007301F8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007303FC
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00730600
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00740804
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00740A08
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00740600
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007401F8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007403FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Norton Utilities\NPROTECT.EXE[3256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Apoint\Apntex.exe[3328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint\Apntex.exe[3328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Apoint\Apntex.exe[3328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint\Apntex.exe[3328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Apoint\Apntex.exe[3328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Apoint\Apntex.exe[3328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Apoint\Apntex.exe[3328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Apoint\Apntex.exe[3328] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Apoint\Apntex.exe[3328] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[3384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[3384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[3384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[3384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[3384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[3384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00651014
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00650804
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00650A08
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00650C0C
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00650E10
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006501F8
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006503FC
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00650600
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00660804
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00660A08
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00660600
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006601F8
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006603FC
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Speed Disk\nopdb.exe[3732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Speed Disk\nopdb.exe[3732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Speed Disk\nopdb.exe[3732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Speed Disk\nopdb.exe[3732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Speed Disk\nopdb.exe[3732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Speed Disk\nopdb.exe[3732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Speed Disk\nopdb.exe[3732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\RECYCLER\NPROTECT\00004630 2576 bytes

---- EOF - GMER 1.0.15 ----

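The GMER output above is raw tool output. As an added example for this thread (it is not part of GMER, of the poster's logs, or of anything BleepingComputer staff provided), the Python script below parses the `.text` user-mode hook records, classifies each one as a byte patch, a JMP whose destination GMER mapped to a named module, or a JMP whose destination it could not attribute, and then groups the hooks per process. The sample records are copied from the log above. Two things are my own assumptions: the 64 KiB grouping of JMP targets (Windows aligns VirtualAlloc regions to 64 KiB, so each injected trampoline blob tends to show up as one region), and the decision to leave verdicts to the analyst, because the same set of service and window-hook APIs redirected in every process looks the same whether a security product or malware injected it; only the owner of the target region settles that.

```python
"""Triage helper for the user-mode hook records ('.text ...' lines) in a GMER log.

Added example for this thread; it is not part of GMER or of the poster's logs.
It parses each record, classifies the patch, and groups hooks per process so an
analyst can see which exports are redirected in every process and where the
trampolines live. It does NOT decide whether a hook is malicious.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# .text <process>[<pid>] <module>!<export>[ + <hex offset>] <addr> <n> Byte(s) <patch>
_RECORD = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
# Patch forms: "JMP <target>", optionally followed by the module GMER mapped the
# target to, e.g. "JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/...)",
# or the raw overwritten bytes, e.g. "[62]".
_JMP = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\))?\s*$")
_BYTES = re.compile(r"^\[(?P<hex>[0-9A-Fa-f]{2}(?:\s+[0-9A-Fa-f]{2})*)\]\s*$")

# Assumption (mine, not GMER's): trampolines live in VirtualAlloc'd memory, which
# Windows aligns to 64 KiB, so grouping JMP targets by 64 KiB block shows how many
# injected regions a process carries.
_REGION_SHIFT = 16


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    symbol: str            # "module!export", plus "+0x<off>" when GMER reports an offset
    address: int           # patched address inside the system DLL
    size: int              # bytes overwritten
    kind: str              # "jmp_attributed" | "jmp_unattributed" | "byte_patch"
    target: int | None     # JMP destination, for the two jmp kinds
    owner: str | None      # module GMER mapped the destination to, if any
    patch: bytes | None    # overwritten bytes, for byte patches


def parse_hook(line: str) -> Hook | None:
    """Parse one '.text' record; any other line (section headers, devices, files) gives None."""
    m = _RECORD.match(line.strip())
    if not m:
        return None
    symbol = f"{m['mod']}!{m['func']}" + (f"+0x{m['off']}" if m['off'] else "")
    base = (m['proc'], int(m['pid']), symbol, int(m['addr'], 16), int(m['size']))
    j = _JMP.match(m['rest'])
    if j:
        kind = "jmp_attributed" if j['owner'] else "jmp_unattributed"
        return Hook(*base, kind, int(j['target'], 16), j['owner'], None)
    b = _BYTES.match(m['rest'])
    if b:
        return Hook(*base, "byte_patch", None, None, bytes.fromhex(b['hex'].replace(" ", "")))
    return None  # unknown patch syntax: skip rather than guess


def parse_gmer_hooks(text: str) -> list[Hook]:
    return [h for h in map(parse_hook, text.splitlines()) if h is not None]


def summarize(hooks: list[Hook]) -> dict:
    """How many processes each unattributed hook appears in, trampoline regions per process, byte patches."""
    procs = {(h.process, h.pid) for h in hooks}
    spread: dict[str, set] = defaultdict(set)
    regions: dict[str, set] = defaultdict(set)
    for h in hooks:
        if h.kind == "jmp_unattributed":
            spread[h.symbol].add((h.process, h.pid))
            regions[f"{h.process}[{h.pid}]"].add(h.target >> _REGION_SHIFT)
    return {
        "processes": len(procs),
        "unattributed_jmp_spread": {s: len(p) for s, p in spread.items()},
        "trampoline_regions": {k: [f"0x{r << _REGION_SHIFT:08X}" for r in sorted(v)] for k, v in regions.items()},
        "byte_patches": sorted({h.symbol for h in hooks if h.kind == "byte_patch"}),
    }


# Sample records copied from the GMER log posted above, plus one non-hook line.
SAMPLE_LOG = r"""
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3920] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    for h in hooks:
        print(f"{h.kind:17} {h.symbol:40} {h.process}[{h.pid}]")
    print(summarize(hooks))
```

Run it against a full saved GMER log by replacing `SAMPLE_LOG` with the file contents. The useful output is the `unattributed_jmp_spread` count (an export hooked in nearly every process by an unmapped trampoline is one injected component, not per-application behaviour) and the `trampoline_regions` list, which tells you which addresses to dump from a live process to find the owner. The `WriteFile` hook in SearchIndexer.exe is the contrast case: GMER named the module (`MSSRCH.DLL`, Microsoft's own search filter), so it drops out of the unattributed set. The 1-byte `[62]` patches on `RtlDosSearchPath_U` and `GetBinaryTypeW` are identical in every process and are reported separately so they can be checked once rather than per process.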
#2 HelpBot

Bleepin' Binary Bot

Posted 27 July 2012 - 03:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461935 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot (Bleepin' Binary Bot)
  • Bots
  • 12,743 posts
  • Gender:Male

Posted 01 August 2012 - 03:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Budapest (Bleepin' Cynic)
  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 01 August 2012 - 03:49 PM

This topic has been re-opened at the request of the person who originally posted.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 nasdaq
  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 August 2012 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If you have CD emulator software (Daemon Tools, Alcohol etc.) installed, the drivers this software uses can interfere with the anti-rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious rootkits and the legitimate drivers used by CD emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
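The TDSSKiller report requested above records, for each service and driver, a line with the binary's MD5 and path followed by a result line ("- ok", or a verdict in parentheses with another status); the format is visible in the log pasted later in this thread. Reading several hundred such lines by eye is error-prone, so the following added example (not code from this thread or from Kaspersky's tool) parses a log into records and pulls out the things a reviewer looks for first: results that are not "ok", entries for which no binary was found, and the services that share one binary (XP registers several services against lsass.exe, for instance). The sample lines are copied in format from the log in this thread; the two ExampleSvc lines and the verdict text "ConstructedVerdict" are constructed stand-ins for how a non-ok result is reported, which is an assumption about the tool's output rather than something shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied in format from the TDSSKiller 2.7.48.0 log pasted in
# this thread, plus two constructed ExampleSvc lines that mimic a non-"ok" result.
# "ConstructedVerdict" is a placeholder, not a real TDSSKiller verdict name.
SAMPLE_LOG = r"""
17:41:26.0920 3112 Scan started
17:41:26.0920 3112 Mode: Manual;
17:41:26.0920 3112 ============================================================
17:41:28.0294 3112 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:41:28.0294 3112 Aavmker4 - ok
17:41:28.0310 3112 Abiosdsk - ok
17:41:34.0121 3112 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:41:34.0153 3112 avast! Antivirus - ok
17:41:56.0632 3112 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:41:56.0648 3112 Netlogon - ok
17:41:58.0960 3112 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:41:58.0960 3112 NtLmSsp - ok
17:42:00.0584 3112 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:42:00.0584 3112 PolicyAgent - ok
17:42:05.0000 3112 ExampleSvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\examplesvc.sys
17:42:05.0000 3112 ExampleSvc ( ConstructedVerdict ) - warning
"""

# Every scan line starts with a timestamp and the id of the scanning thread.
_TS = r"(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+"
# "<name> (<md5>) <path>": the binary TDSSKiller hashed for this service/driver.
ENTRY_RE = re.compile(_TS + r"(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# "<name> - ok" or "<name> ( <verdict> ) - <status>": the result for that entry.
RESULT_RE = re.compile(_TS + r"(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(\S+)$")


def _new_record():
    return {"md5": None, "path": None, "verdict": None, "status": None}


def parse_tdsskiller(text):
    """Return {service_name: record} built from the entry and result lines of a scan log."""
    records = {}
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            _ts, _pid, name, md5, path = m.groups()
            rec = records.setdefault(name, _new_record())
            rec["md5"] = md5.lower()
            rec["path"] = path
            continue
        m = RESULT_RE.match(line)
        if m:
            _ts, _pid, name, verdict, status = m.groups()
            rec = records.setdefault(name, _new_record())
            rec["verdict"] = verdict
            rec["status"] = status
        # header lines (SystemInfo, ===, "Scan started") carry no per-entry data
    return records


def flagged(records):
    """Names whose result line says anything other than 'ok'; these get looked at first."""
    return sorted(n for n, r in records.items() if r["status"] != "ok")


def file_missing(records):
    """Names that produced only a result line: the tool found no binary to hash."""
    return sorted(n for n, r in records.items() if r["path"] is None)


def services_by_binary(records):
    """Group names by the binary they point at (case-folded: XP logs mix c:\\ and C:\\)."""
    groups = defaultdict(list)
    for name, r in records.items():
        if r["path"]:
            groups[r["path"].lower()].append(name)
    return {p: sorted(ns) for p, ns in groups.items()}


def hash_conflicts(records):
    """Paths reported with more than one MD5 within a single scan, which should never happen."""
    seen = defaultdict(set)
    for r in records.values():
        if r["path"]:
            seen[r["path"].lower()].add(r["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("entries:", len(recs))
    print("not ok:", flagged(recs))
    print("no file on disk:", file_missing(recs))
    for path, names in sorted(services_by_binary(recs).items()):
        if len(names) > 1:
            print("shared binary", path, "->", names)
    print("hash conflicts:", hash_conflicts(recs))
```

Point the script at a real TDSSKiller log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`; the service names and paths in the output can then be cross-checked against the full log before anything is acted on. The name regex is non-greedy so that names containing spaces ("avast! Antivirus", "Ati HotKey Poller") parse correctly.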

#6 Jeff_whoa (Topic Starter)
  • Members
  • 14 posts

Posted 06 August 2012 - 11:09 AM

Thanks for your help. It has taken longer than expected to post. I should have the logs finished by the end of the day.

#7 nasdaq
  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2012 - 08:55 AM

Are you still with me?

#8 Jeff_whoa (Topic Starter)
  • Members
  • 14 posts

Posted 12 August 2012 - 09:08 AM

Yes. Unfortunately the computer in question was the only one I had access to this week and it won't access the net at the moment. (I am on my phone right now.) I have everything on a jump drive and will try to get to another computer to post later today. Thanks for your patience.

#9 Jeff_whoa (Topic Starter)
  • Members
  • 14 posts

Posted 12 August 2012 - 05:50 PM

Ok. Here they are.
----------------------------------------------------------------


17:35:56.0664 1344 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:35:56.0929 1344 ============================================================
17:35:56.0929 1344 Current date / time: 2012/08/10 17:35:56.0929
17:35:56.0929 1344 SystemInfo:
17:35:56.0929 1344
17:35:56.0929 1344 OS Version: 5.1.2600 ServicePack: 3.0
17:35:56.0929 1344 Product type: Workstation
17:35:56.0929 1344 ComputerName: PROPHET
17:35:56.0929 1344 UserName: Jeff
17:35:56.0929 1344 Windows directory: C:\WINDOWS
17:35:56.0929 1344 System windows directory: C:\WINDOWS
17:35:56.0929 1344 Processor architecture: Intel x86
17:35:56.0929 1344 Number of processors: 1
17:35:56.0929 1344 Page size: 0x1000
17:35:56.0929 1344 Boot type: Normal boot
17:35:56.0929 1344 ============================================================
17:35:59.0460 1344 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:35:59.0507 1344 Drive \Device\Harddisk1\DR4 - Size: 0x774488000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:35:59.0507 1344 ============================================================
17:35:59.0507 1344 \Device\Harddisk0\DR0:
17:35:59.0553 1344 MBR partitions:
17:35:59.0553 1344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
17:35:59.0553 1344 \Device\Harddisk1\DR4:
17:35:59.0553 1344 MBR partitions:
17:35:59.0553 1344 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BA9F9F
17:35:59.0553 1344 ============================================================
17:35:59.0725 1344 C: <-> \Device\Harddisk0\DR0\Partition0
17:35:59.0725 1344 ============================================================
17:35:59.0725 1344 Initialize success
17:35:59.0725 1344 ============================================================
17:41:26.0920 3112 ============================================================
17:41:26.0920 3112 Scan started
17:41:26.0920 3112 Mode: Manual;
17:41:26.0920 3112 ============================================================
17:41:27.0701 3112 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:41:27.0748 3112 !SASCORE - ok
17:41:28.0294 3112 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:41:28.0294 3112 Aavmker4 - ok
17:41:28.0310 3112 Abiosdsk - ok
17:41:28.0310 3112 abp480n5 - ok
17:41:28.0482 3112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:41:28.0576 3112 ACPI - ok
17:41:28.0654 3112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:41:28.0669 3112 ACPIEC - ok
17:41:28.0669 3112 adpu160m - ok
17:41:28.0763 3112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:41:28.0826 3112 aec - ok
17:41:28.0919 3112 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:41:28.0919 3112 AegisP - ok
17:41:29.0060 3112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:41:29.0138 3112 AFD - ok
17:41:29.0138 3112 Aha154x - ok
17:41:29.0154 3112 aic78u2 - ok
17:41:29.0169 3112 aic78xx - ok
17:41:29.0263 3112 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:41:29.0279 3112 Alerter - ok
17:41:29.0325 3112 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:41:29.0341 3112 ALG - ok
17:41:29.0341 3112 AliIde - ok
17:41:29.0357 3112 amsint - ok
17:41:29.0482 3112 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:41:29.0544 3112 ApfiltrService - ok
17:41:29.0700 3112 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:41:29.0794 3112 AppMgmt - ok
17:41:29.0888 3112 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:41:29.0919 3112 Arp1394 - ok
17:41:29.0935 3112 asc - ok
17:41:29.0935 3112 asc3350p - ok
17:41:29.0950 3112 asc3550 - ok
17:41:30.0216 3112 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:41:30.0232 3112 aspnet_state - ok
17:41:30.0325 3112 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:41:30.0341 3112 aswFsBlk - ok
17:41:30.0435 3112 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
17:41:30.0497 3112 aswMon2 - ok
17:41:30.0544 3112 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
17:41:30.0560 3112 AswRdr - ok
17:41:30.0919 3112 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
17:41:31.0263 3112 aswSnx - ok
17:41:31.0497 3112 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
17:41:31.0669 3112 aswSP - ok
17:41:31.0700 3112 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
17:41:31.0731 3112 aswTdi - ok
17:41:31.0747 3112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:41:31.0762 3112 AsyncMac - ok
17:41:31.0825 3112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:41:31.0825 3112 atapi - ok
17:41:31.0825 3112 Atdisk - ok
17:41:32.0106 3112 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
17:41:32.0294 3112 Ati HotKey Poller - ok
17:41:33.0043 3112 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:41:33.0606 3112 ati2mtag - ok
17:41:33.0731 3112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:41:33.0746 3112 Atmarpc - ok
17:41:33.0840 3112 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:41:33.0856 3112 AudioSrv - ok
17:41:33.0934 3112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:41:33.0934 3112 audstub - ok
17:41:34.0121 3112 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:41:34.0153 3112 avast! Antivirus - ok
17:41:34.0262 3112 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:41:34.0278 3112 bcm4sbxp - ok
17:41:34.0371 3112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:41:34.0371 3112 Beep - ok
17:41:35.0012 3112 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120531.001\BHDrvx86.sys
17:41:35.0402 3112 BHDrvx86 - ok
17:41:35.0668 3112 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:41:35.0855 3112 BITS - ok
17:41:35.0980 3112 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:41:36.0012 3112 Browser - ok
17:41:36.0027 3112 bvrp_pci - ok
17:41:36.0105 3112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:41:36.0121 3112 cbidf2k - ok
17:41:36.0121 3112 cd20xrnt - ok
17:41:36.0152 3112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:41:36.0152 3112 Cdaudio - ok
17:41:36.0261 3112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:41:36.0293 3112 Cdfs - ok
17:41:36.0340 3112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:41:36.0371 3112 Cdrom - ok
17:41:36.0371 3112 Changer - ok
17:41:36.0449 3112 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:41:36.0449 3112 CiSvc - ok
17:41:36.0527 3112 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:41:36.0543 3112 ClipSrv - ok
17:41:36.0871 3112 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:41:36.0918 3112 clr_optimization_v2.0.50727_32 - ok
17:41:36.0980 3112 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:41:36.0996 3112 CmBatt - ok
17:41:37.0011 3112 CmdIde - ok
17:41:37.0074 3112 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:41:37.0074 3112 Compbatt - ok
17:41:37.0089 3112 COMSysApp - ok
17:41:37.0105 3112 Cpqarray - ok
17:41:37.0246 3112 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:41:37.0277 3112 CryptSvc - ok
17:41:37.0292 3112 dac2w2k - ok
17:41:37.0308 3112 dac960nt - ok
17:41:37.0589 3112 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:41:37.0808 3112 DcomLaunch - ok
17:41:38.0089 3112 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:41:38.0152 3112 Dhcp - ok
17:41:38.0183 3112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:41:38.0199 3112 Disk - ok
17:41:38.0214 3112 dmadmin - ok
17:41:38.0714 3112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:41:39.0198 3112 dmboot - ok
17:41:39.0292 3112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:41:39.0370 3112 dmio - ok
17:41:39.0417 3112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:41:39.0417 3112 dmload - ok
17:41:39.0480 3112 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:41:39.0480 3112 dmserver - ok
17:41:39.0526 3112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:41:39.0558 3112 DMusic - ok
17:41:39.0651 3112 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:41:39.0683 3112 Dnscache - ok
17:41:39.0808 3112 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:41:39.0886 3112 Dot3svc - ok
17:41:39.0901 3112 dpti2o - ok
17:41:39.0948 3112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:41:39.0964 3112 drmkaud - ok
17:41:40.0026 3112 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:41:40.0058 3112 EapHost - ok
17:41:40.0401 3112 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:41:40.0573 3112 eeCtrl - ok
17:41:40.0667 3112 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:41:40.0714 3112 EraserUtilRebootDrv - ok
17:41:40.0807 3112 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:41:40.0807 3112 ERSvc - ok
17:41:40.0932 3112 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:41:40.0995 3112 Eventlog - ok
17:41:41.0198 3112 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:41:41.0323 3112 EventSystem - ok
17:41:41.0713 3112 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
17:41:42.0041 3112 EvtEng - ok
17:41:42.0416 3112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:41:42.0479 3112 Fastfat - ok
17:41:42.0651 3112 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:41:42.0713 3112 FastUserSwitchingCompatibility - ok
17:41:42.0823 3112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:41:42.0838 3112 Fdc - ok
17:41:42.0901 3112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:41:42.0916 3112 Fips - ok
17:41:42.0932 3112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:41:42.0948 3112 Flpydisk - ok
17:41:43.0057 3112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:41:43.0104 3112 FltMgr - ok
17:41:43.0291 3112 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:41:43.0322 3112 FontCache3.0.0.0 - ok
17:41:43.0369 3112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:41:43.0369 3112 Fs_Rec - ok
17:41:43.0463 3112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:41:43.0510 3112 Ftdisk - ok
17:41:43.0604 3112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:41:43.0635 3112 GEARAspiWDM - ok
17:41:43.0729 3112 Gizmo Central (b1c9b932f5a728800ab9c2c88c92594a) C:\Program Files\Gizmo\gservice.exe
17:41:43.0744 3112 Gizmo Central - ok
17:41:43.0822 3112 GizmoDrv (e48da656df32eda6e5b9d06e3d410b49) C:\WINDOWS\system32\drivers\GizmoDrv.sys
17:41:43.0838 3112 GizmoDrv - ok
17:41:43.0932 3112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:41:43.0947 3112 Gpc - ok
17:41:43.0979 3112 gupdate - ok
17:41:43.0994 3112 gupdatem - ok
17:41:44.0135 3112 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:41:44.0150 3112 helpsvc - ok
17:41:44.0166 3112 HidServ - ok
17:41:44.0244 3112 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:41:44.0275 3112 hkmsvc - ok
17:41:44.0291 3112 hpn - ok
17:41:44.0463 3112 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
17:41:44.0572 3112 HSFHWICH - ok
17:41:45.0150 3112 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
17:41:45.0634 3112 HSF_DPV - ok
17:41:45.0838 3112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:41:46.0009 3112 HTTP - ok
17:41:46.0119 3112 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:41:46.0134 3112 HTTPFilter - ok
17:41:46.0150 3112 i2omgmt - ok
17:41:46.0150 3112 i2omp - ok
17:41:46.0291 3112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:41:46.0322 3112 i8042prt - ok
17:41:46.0915 3112 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:41:47.0384 3112 idsvc - ok
17:41:47.0775 3112 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120608.001\IDSxpx86.sys
17:41:47.0946 3112 IDSxpx86 - ok
17:41:48.0150 3112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:41:48.0181 3112 Imapi - ok
17:41:48.0337 3112 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:41:48.0431 3112 ImapiService - ok
17:41:48.0446 3112 ini910u - ok
17:41:48.0462 3112 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:41:48.0462 3112 IntelIde - ok
17:41:48.0556 3112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:41:48.0571 3112 intelppm - ok
17:41:48.0603 3112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:41:48.0634 3112 Ip6Fw - ok
17:41:48.0696 3112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:41:48.0727 3112 IpFilterDriver - ok
17:41:48.0806 3112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:41:48.0821 3112 IpInIp - ok
17:41:48.0962 3112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:41:49.0071 3112 IpNat - ok
17:41:49.0212 3112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:41:49.0243 3112 IPSec - ok
17:41:49.0274 3112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:41:49.0290 3112 IRENUM - ok
17:41:49.0337 3112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:41:49.0352 3112 isapnp - ok
17:41:49.0384 3112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:41:49.0399 3112 Kbdclass - ok
17:41:49.0524 3112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:41:49.0602 3112 kmixer - ok
17:41:49.0712 3112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:41:49.0759 3112 KSecDD - ok
17:41:49.0899 3112 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:41:49.0962 3112 lanmanserver - ok
17:41:50.0118 3112 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:41:50.0212 3112 lanmanworkstation - ok
17:41:50.0212 3112 lbrtfdc - ok
17:41:50.0305 3112 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:41:50.0321 3112 LmHosts - ok
17:41:50.0415 3112 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:41:50.0430 3112 mdmxsdk - ok
17:41:50.0493 3112 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:41:50.0524 3112 Messenger - ok
17:41:50.0586 3112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:41:50.0586 3112 mnmdd - ok
17:41:50.0696 3112 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:41:50.0727 3112 mnmsrvc - ok
17:41:50.0821 3112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:41:50.0836 3112 Modem - ok
17:41:50.0868 3112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:41:50.0899 3112 Mouclass - ok
17:41:50.0930 3112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:41:50.0961 3112 MountMgr - ok
17:41:51.0164 3112 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:41:51.0243 3112 MozillaMaintenance - ok
17:41:51.0258 3112 mraid35x - ok
17:41:51.0399 3112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:41:51.0493 3112 MRxDAV - ok
17:41:51.0758 3112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:41:51.0961 3112 MRxSmb - ok
17:41:51.0992 3112 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:41:52.0008 3112 MSDTC - ok
17:41:52.0024 3112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:41:52.0039 3112 Msfs - ok
17:41:52.0039 3112 MSIServer - ok
17:41:52.0149 3112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:41:52.0149 3112 MSKSSRV - ok
17:41:52.0164 3112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:41:52.0164 3112 MSPCLOCK - ok
17:41:52.0242 3112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:41:52.0242 3112 MSPQM - ok
17:41:52.0274 3112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:41:52.0289 3112 mssmbios - ok
17:41:52.0430 3112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:41:52.0492 3112 Mup - ok
17:41:52.0805 3112 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
17:41:52.0914 3112 N360 - ok
17:41:53.0117 3112 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:41:53.0258 3112 napagent - ok
17:41:53.0555 3112 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120609.016\NAVENG.SYS
17:41:53.0617 3112 NAVENG - ok
17:41:54.0383 3112 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120609.016\NAVEX15.SYS
17:41:55.0132 3112 NAVEX15 - ok
17:41:55.0632 3112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:41:55.0726 3112 NDIS - ok
17:41:55.0788 3112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:41:55.0820 3112 NdisTapi - ok
17:41:55.0835 3112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:41:55.0851 3112 Ndisuio - ok
17:41:55.0913 3112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:41:55.0960 3112 NdisWan - ok
17:41:56.0054 3112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:41:56.0085 3112 NDProxy - ok
17:41:56.0179 3112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:41:56.0195 3112 NetBIOS - ok
17:41:56.0288 3112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:41:56.0382 3112 NetBT - ok
17:41:56.0491 3112 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:41:56.0570 3112 NetDDE - ok
17:41:56.0570 3112 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:41:56.0585 3112 NetDDEdsdm - ok
17:41:56.0632 3112 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:41:56.0648 3112 Netlogon - ok
17:41:56.0773 3112 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:41:56.0866 3112 Netman - ok
17:42:26.0032 3112 ============================================================
17:42:26.0032 3112 Scan finished
17:42:26.0032 3112 ============================================================
17:42:26.0048 0788 Detected object count: 0
17:42:26.0048 0788 Actual detected object count: 0
17:43:52.0341 0692 Deinitialize success

-------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 17:50:25
-----------------------------
17:50:25.959 OS Version: Windows 5.1.2600 Service Pack 3
17:50:25.959 Number of processors: 1 586 0xD08
17:50:25.959 ComputerName: PROPHET UserName: Jeff
17:50:28.833 Initialize success
17:50:33.051 AVAST engine defs: 12070300
17:51:42.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:51:42.288 Disk 0 Vendor: ST980815A 3.ADE Size: 76319MB BusType: 3
17:51:42.397 Disk 0 MBR read successfully
17:51:42.397 Disk 0 MBR scan
17:51:42.397 Disk 0 Windows XP default MBR code
17:51:42.429 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
17:51:42.460 Disk 0 scanning sectors +156280320
17:51:42.788 Disk 0 scanning C:\WINDOWS\system32\drivers
17:52:50.540 Service scanning
17:53:39.594 Modules scanning
17:54:51.408 Disk 0 trace - called modules:
17:54:51.455 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
17:54:51.455 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dcbab8]
17:54:51.455 3 CLASSPNP.SYS[f767bfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d2fd98]
17:54:53.064 AVAST engine scan C:\WINDOWS
17:55:31.213 AVAST engine scan C:\WINDOWS\system32
18:05:23.630 AVAST engine scan C:\WINDOWS\system32\drivers
18:06:46.630 AVAST engine scan C:\Documents and Settings\Jeff
18:09:20.119 AVAST engine scan C:\Documents and Settings\All Users
18:12:23.088 Scan finished successfully
18:20:00.794 Disk 0 MBR has been saved successfully to "E:\nasdaq\MBR.dat"
18:20:00.825 The log file has been saved successfully to "E:\nasdaq\aswMBR.txt"

-----------------------------------------------------------------------

NOTE: There was nothing to cure or skip on the TDSS test.

Attached Files

  • MBR.zip (499 bytes)


#10 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 August 2012 - 07:43 AM

The logs are clean. Please continue.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#11 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 August 2012 - 08:11 AM

Do you really want to continue with this?

#12 Jeff_whoa

  • Topic Starter
  • Members
  • 14 posts

Posted 23 August 2012 - 06:31 AM

Sorry. At the moment I have no net access except from my phone. The troubled machine won't connect. I will see if I can paste from my phone or somewhere else today.

#13 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 August 2012 - 08:28 AM

Forget about ComboFix for now.
Try to post the result of this scan.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#14 nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2012 - 10:02 AM

Are you still with me?

#15 Jeff_whoa

  • Topic Starter
  • Members
  • 14 posts

Posted 29 August 2012 - 01:54 PM

Below are the Farbar results, pasted from my phone. If it seems as though a line is missing, let me know and I'll reattempt.



Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) SYMTDI(11) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000A0000000B00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****




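The Extra List at the end of the FSS log above pairs service names with their Tag numbers and then prints a hex value that, read as a registry group order list (one little-endian DWORD count followed by that many DWORD tags), gives the order in which those services load. The following is an added example, not part of the thread and not Farbar Service Scanner's own code, that decodes exactly the value posted above and cross-checks it against the named tags; the DWORD-count-then-tags layout and the reading of the numbers in parentheses as Tag values are assumptions of this example.

```python
"""Decode and sanity-check the 'Extra List' of a Farbar Service Scanner log.

Added example, not part of the forum thread or of FSS itself. Assumptions:
the hex blob is a group order list (little-endian DWORD count, then `count`
little-endian DWORD tags) and 'Name(N)' entries give each service's Tag.
"""
import re
import struct

# Constructed sample: the two Extra List lines copied from the log above.
SAMPLE_EXTRA_LIST = """\
AegisP(9) aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) SYMTDI(11) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000A0000000B00000006000000070000000800000009000000
"""

NAME_TAG_RE = re.compile(r"([A-Za-z0-9_.-]+)\((\d+)\)")


def parse_service_tags(line):
    """Return {service_name: tag} from a line like 'Tcpip(4) IPSec(5)'."""
    return {name: int(tag) for name, tag in NAME_TAG_RE.findall(line)}


def parse_group_order(hex_line):
    """Decode '0x...' into the ordered list of tags.

    Assumed layout: DWORD count, then `count` DWORD tags, little-endian.
    Raises ValueError when the declared count disagrees with the data length,
    which is the kind of inconsistency a tampered value would show.
    """
    raw = bytes.fromhex(hex_line.strip()[2:])
    if len(raw) < 4 or len(raw) % 4:
        raise ValueError("group order value is not a whole number of DWORDs")
    (count,) = struct.unpack_from("<I", raw, 0)
    if 4 + 4 * count != len(raw):
        raise ValueError("declared count %d does not match %d tags present"
                         % (count, (len(raw) - 4) // 4))
    return list(struct.unpack_from("<%dI" % count, raw, 4))


def check_extra_list(text):
    """Cross-check the names/tags line against the decoded order value.

    Returns the load order as names (tags with no listed service appear as
    'tag#N') plus the things a reviewer looks for: services whose tag is
    absent from the order value, duplicated tags, and where IPSec loads.
    """
    name_line, hex_line = [ln for ln in text.splitlines() if ln.strip()]
    tags_by_name = parse_service_tags(name_line)
    order = parse_group_order(hex_line)
    names_by_tag = {tag: name for name, tag in tags_by_name.items()}
    load_order = [names_by_tag.get(tag, "tag#%d" % tag) for tag in order]
    missing = sorted(n for n, t in tags_by_name.items() if t not in order)
    duplicates = sorted({t for t in order if order.count(t) > 1})
    ipsec_pos = load_order.index("IPSec") + 1 if "IPSec" in load_order else None
    return {
        "load_order": load_order,
        "missing_from_order": missing,
        "duplicate_tags": duplicates,
        "ipsec_position": ipsec_pos,  # 1 for the value in this thread
    }


if __name__ == "__main__":
    result = check_extra_list(SAMPLE_EXTRA_LIST)
    for key, value in result.items():
        print("%-20s %s" % (key, value))
```

For the value posted in the thread the decoded count is 11 while only nine services are named, so two tags (1 and 2) belong to services the tool did not list; that gap, not a mismatch, is why the names line is shorter than the order value.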