works OK in safe mode but regular mode. no good



#1 salguy

Posted 02 November 2012 - 09:21 PM

"http://www.bleepingcomputer.com/forums/topic473449.html"
Hello. When it is starting up in regular mode I have to move fast. I got it to run sfc /scannow this morning. I tried to system restore but the only restore point is today. The calendar won't go to last month. So that's out. Still, when I double click on a program or Internet Explorer the hourglass stays there forever. Any ideas would be great. Thanks, SAL


#2 salguy


Posted 06 November 2012 - 10:36 AM

Well, thanks anyway, but too late. Now I can't do anything in safe mode. There is CDP1 on the bottom left of the taskbar. When I try to do anything it says "An access denied error was returned while attempting to change a service." And also now it says "the operation could not be completed due to low memory or hard drive space." I have plenty of both. SAL

#3 boopme


Posted 06 November 2012 - 09:55 PM

Hello, can you not do the Preparation Guide that was mentioned in that other topic?


Can you boot in Normal Mode?

#4 salguy


Posted 07 November 2012 - 10:49 AM

Thank you for the reply, boopme. I'm sorry. I misunderstood or something. I thought do not post any scans unless told to do so. I am not a computer guy at all. I just wrote this long reply and put gmer on it and I don't see any attachment or browse anywhere so I lost the reply. I am using a laptop so I can reply. I download programs on a stick and run them. I ran gmer in regular mode, but dds starts then freezes. I ran dds in safe mode. When I try to get online, I get "navigation canceled" or "the operation could not be completed due to low memory or hard drive space." Both are fine.
error dccvs. I downloaded security space pro 7.0 and ran it. It was a waste and now I can't get rid of it. Thanks for any help, SAL
DDS (Ver_2012-11-05.02) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Administrator at 9:14:58 on 2012-11-07
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-07 02:29:36
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01D60A08
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01D60600
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01D601F8
.text C:\Program Files\Common Files\AOL\1295804831\ee\aolsoftware.exe[3032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01D603FC
.text C:\WINDOWS\Explorer.EXE[3680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3680] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\Explorer.EXE[3680] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01F40804
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01F40A08
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01F40600
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01F401F8
.text C:\WINDOWS\Explorer.EXE[3680] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01F403FC
.text E:\xr0j9qjh.exe[4112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text E:\xr0j9qjh.exe[4112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text E:\xr0j9qjh.exe[4112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text E:\xr0j9qjh.exe[4112] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text E:\xr0j9qjh.exe[4112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text E:\xr0j9qjh.exe[4112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text E:\xr0j9qjh.exe[4112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text E:\xr0j9qjh.exe[4112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text E:\xr0j9qjh.exe[4112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text E:\xr0j9qjh.exe[4112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009B1014
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009B0804
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009B0A08
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009B0C0C
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009B0E10
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009B01F8
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009B03FC
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[4852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009B0600
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008F1014
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008F0804
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 008F0A08
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 008F0C0C
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 008F0E10
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008F01F8
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008F03FC
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008F0600
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00900804
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00900A08
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00900600
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009001F8
.text C:\Program Files\AOL 9.5\shellmon.exe[5172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009003FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[5380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[5380] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009E1014
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009E0804
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009E0A08
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009E0C0C
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009E0E10
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009E01F8
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009E03FC
.text C:\WINDOWS\system32\ctfmon.exe[5380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009E0600
.text C:\Program Files\AOL 9.5\waol.exe[5592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004A01F8
.text C:\Program Files\AOL 9.5\waol.exe[5592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AOL 9.5\waol.exe[5592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004A03FC
.text C:\Program Files\AOL 9.5\waol.exe[5592] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00AD1014
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00AD0804
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00AD0A08
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00AD0C0C
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00AD0E10
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00AD01F8
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AD03FC
.text C:\Program Files\AOL 9.5\waol.exe[5592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00AD0600
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 04E90804
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 04E90A08
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 04E90600
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 04E901F8
.text C:\Program Files\AOL 9.5\waol.exe[5592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 04E903FC

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#5 salguy

Posted 07 November 2012 - 11:01 AM

Hi, not sure.
==== Installed Programs ======================
.
.
==== End Of File ===========================
what I sent.

#6 boopme

Posted 07 November 2012 - 03:02 PM

Hello salguy, as per step 9 of the Prep Guide you will create a new topic... There you will post the DDS and you can attach there also, thanks.

#7 boopme

Posted 07 November 2012 - 10:51 PM

New topic is now here..

http://www.bleepingcomputer.com/forums/topic474450.html


Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Edited by boopme, 07 November 2012 - 10:53 PM.
