
Solved Many Functions Going Haywire.

Discussion in 'Malware and Virus Removal Archive' started by dispatch trophy, 2012/07/24.

  1. 2012/07/24
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Joined:
    2011/09/30
    Messages:
    402
    Likes Received:
    0
    [Resolved] Many Functions Going Haywire.

    24 July

    Strange activity with screamer-radio.

    I then did an Avast virus scan. It showed one infection: Win32:patched-AJD [Trj]

    Avast then did a root scan. Many files were corrupted, some infected, but I could not repair or delete them. The only thing that worked was a "move to chest."

    Then on restart the desktop looked as if it had restored to an earlier point because files I had deleted or moved reappeared.

    RESTORE MALFUNCTION: I attempted 3 restore points. The computer reported that none of them was successful.

    MALWAREBYTES MALFUNCTION: I then updated Malwarebytes. Then when I started a scan, it told me my version was 20 days outmoded even though I had just installed the update.

    EDIT: MY SECOND ATTEMPT TO UPDATE MALWAREBYTES WORKED.
     
    Last edited: 2012/07/24
  2. 2012/07/24
    dispatch trophy Contributing Member

    MALWAREBYTES QUICK SCAN


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.24.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    user account :: VALUED-7B9600FA [administrator]

    7/23/2012 10:47:44 PM
    mbam-log-2012-07-23 (22-47-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 202084
    Time elapsed: 16 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

  4. 2012/07/24
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
  5. 2012/07/24
    dispatch trophy Contributing Member

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-24 01:25:05
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_4D080H4 rev.DAH017K0
    Running: klwsooee.exe; Driver: C:\DOCUME~1\USERAC~1\LOCALS~1\Temp\kfacrkog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF2F95536]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF303E7BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF2F95F52]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF2FD5C31]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF2FA0D7A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF2FA0DC6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF2FA0F48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF2FD55E5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF2FA0CE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF2FA0E0A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF2FA0D30]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF2F96146]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF2FA0F02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF2F968CA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF2F95584]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF2FD62F7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF2FD65AD]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF2F99F36]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF2FD6162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF2FD5FCD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF303E89E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF2F951EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF2F955D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF2F9A2A8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF2F97292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF2FA0DA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF2FA0DE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF2FA0F6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF2FD5941]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF2FA0D0E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF2F99AAC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF2FA0E8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF2FA0D58]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF2F99CDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF2FA0F26]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF303EA1E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF2FD5E48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF2F9715E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF2FD5C9A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF2F96D08]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF304A338]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF2FD4C58]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF2F95620]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF2F9566E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF2F9674A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF2F95276]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF2F95426]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF2FD63FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF2F953CC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF2F96A2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF2F96B88]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF2F95496]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF2F96468]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF2F965CA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF2F956BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF2F95F96]

    INT 0x62 ? 873D0CB8
    INT 0x82 ? 873D0CB8
    INT 0x94 ? 87144CB8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF3056744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + F8 804E2764 4 Bytes CALL 9A412175
    .text ntoskrnl.exe!_abnormal_termination + 198 804E2804 4 Bytes CALL F1AF1B0C
    .text ntoskrnl.exe!_abnormal_termination + 270 804E28DC 4 Bytes JMP 9974F303
    .text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [20, 56, F9, F2, 6E, 56, F9, ...]
    .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [2C, 6A, F9, F2, 88, 6B, F9, ...]
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL F2F97943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text sptd.sys F76F8000 32 Bytes [E0, 16, 6F, 80, 5E, 67, 6F, ...]
    .text sptd.sys F76F8024 424 Bytes [25, 77, 50, 80, C4, B7, 54, ...]
    .text sptd.sys F76F81D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
    .text sptd.sys F76F81DC 1 Byte [02]
    .text sptd.sys F76F81E0 1 Byte [21]

    END FIRST SECTION GMER LOG
     
  6. 2012/07/24
    dispatch trophy Contributing Member

    START 2ND SECTION GMER LOG


    .text ...
    .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF77A29E3]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F67998AC 5 Bytes JMP 871441C8
    .text win32k.sys!EngFreeUserMem + 674 BF80992D 5 Bytes JMP F2F9B8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C889 5 Bytes JMP F2F9B7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813921 5 Bytes JMP F2F9B76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C58B 5 Bytes JMP F2F9AE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240FB 5 Bytes JMP F2F9A538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A65 5 Bytes JMP F2F9BA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314B0 5 Bytes JMP F2F9BC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839EE7 5 Bytes JMP F2F9B670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851775 5 Bytes JMP F2F9A3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCAA 5 Bytes JMP F2F9AEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E314 5 Bytes JMP F2F9A992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E39F 5 Bytes JMP F2F9AC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F612 5 Bytes JMP F2F9A3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5457 BF8649E1 5 Bytes JMP F2F9B7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 35FB BF8731DB 5 Bytes JMP F2F9AA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4138 BF873D18 5 Bytes JMP F2F9AC12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890E16 5 Bytes JMP F2F9AEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF8943C1 5 Bytes JMP F2F9B972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894E99 5 Bytes JMP F2F9BB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C24E 5 Bytes JMP F2F9AE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D7E3 5 Bytes JMP F2F9A5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9E0 BF8C1D20 5 Bytes JMP F2F9A6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA1B1 5 Bytes JMP F2F9A790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA431 5 Bytes JMP F2F9A8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3AFB BF8EBDB4 5 Bytes JMP F2F9A2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB0D BF8F4DC6 5 Bytes JMP F2F9AE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A2F BF9142E4 5 Bytes JMP F2F9A4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2603 BF914EB8 5 Bytes JMP F2F9A664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F7C BF917831 5 Bytes JMP F2F9AD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1947 BF947980 5 Bytes JMP F2F9BAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\smss.exe[516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\user account\Desktop\klwsooee.exe[544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\user account\Desktop\klwsooee.exe[544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[568] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
    .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1152] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
    .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1300] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8


    END 2ND SECTION GMER LOG

    ========================================================
     
  7. 2012/07/24
    dispatch trophy Contributing Member

    START 3RD SECTION GMER LOG




    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1988] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\System32\alg.exe[2064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[2064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[2064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[2064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[2064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[2064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[2064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\WScript.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\System32\WScript.exe[2256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\WScript.exe[2256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\System32\WScript.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\System32\WScript.exe[2256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\System32\WScript.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\System32\WScript.exe[2256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\System32\WScript.exe[2256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\System32\WScript.exe[2256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\System32\WScript.exe[2256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[2272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\wscntfy.exe[2284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[2284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[2320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe[2372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe[2464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe[2468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[2704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Pmsb.exe[2852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Pmsb.exe[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Pmsb.exe[2852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Pmsb.exe[2852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00AE1014
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00AE0804
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00AE0A08
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00AE0C0C
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00AE0E10
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00AE01F8
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AE03FC
    .text C:\Program Files\Pmsb.exe[2852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00AE0600
    .text C:\Program Files\Pmsb.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AF0804
    .text C:\Program Files\Pmsb.exe[2852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AF0A08
    .text C:\Program Files\Pmsb.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AF0600
    .text C:\Program Files\Pmsb.exe[2852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AF01F8
    .text C:\Program Files\Pmsb.exe[2852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AF03FC
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00500804
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00500A08
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00500600
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005001F8
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005003FC
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00511014
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00510804
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00510A08
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00510C0C
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00510E10
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005101F8
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005103FC
    .text C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe[2888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00510600
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[2912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[2912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[2912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[2912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\ooVoo\oovoo.exe[3040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\ooVoo\oovoo.exe[3040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\ooVoo\oovoo.exe[3040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\ooVoo\oovoo.exe[3040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\ooVoo\oovoo.exe[3040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\ooVoo\oovoo.exe[3040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\ooVoo\oovoo.exe[3040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
    .text C:\Program Files\Sony\VAIO Action Setup\VAServ.exe[3064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe[3304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01540804
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01540A08
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01540600
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 015401F8
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 015403FC
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01551014
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01550804
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01550A08
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01550C0C

    END 3RD SECTION GMER LOG
     
  8. 2012/07/24
    dispatch trophy Contributing Member

    START 4TH SECTION GMER LOG

    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01550E10
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 015501F8
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 015503FC
    .text D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin[3724] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01550600
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text c:\progra~1\Support.com\client\bin\tgcmd.exe[3836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC







    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F76FA20E] sptd.sys
    IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F76F970C] sptd.sys
    IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F76F9EEE] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76F970C] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76F98F0] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76F9832] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76FA0CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76F9EEE] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F770DF56] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 871442F8

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[636] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[636] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[2568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00531D00] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetFocus] [00526720] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00531D00] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetFocus] [00526720] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0052B030] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0052B140] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollPos] [0052B090] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00531D00] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetFocus] [00526720] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [00531D00] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetFocus] [00526720] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00531D00] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00531DD0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00531C30] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00531D00] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00531EA0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00531B60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)
    IAT C:\Program Files\ooVoo\oovoo.exe[3040] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetFocus] [00526720] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo LLC)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 873CF1E8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{DB6DB53C-CC9A-49DE-AC6D-62A5F9FBDEAB} 86D3D1E8

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbuhci \Device\USBPDO-0 871431E8
    Device \Driver\usbuhci \Device\USBPDO-1 871431E8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Cdrom \Device\CdRom0 872631E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F768AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F768AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F768AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F768AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F768AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 872631E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86D3D1E8
    Device \Driver\NetBT \Device\NetbiosSmb 86D3D1E8

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbuhci \Device\USBFDO-0 871431E8
    Device \Driver\usbuhci \Device\USBFDO-1 871431E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CCD1E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CCD1E8
    Device \FileSystem\Cdfs \Cdfs 86F6F430

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    ---- EOF - GMER 1.0.15 ----

    END GMER LOG
     
  9. 2012/07/24
    broni

    broni Moderator Malware Analyst

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    I still need other logs.
     
  10. 2012/07/24
    dispatch trophy Contributing Member

    MBR LOG


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-24 10:38:19
    -----------------------------
    10:38:19.437 OS Version: Windows 5.1.2600 Service Pack 3
    10:38:19.437 Number of processors: 1 586 0x102
    10:38:19.437 ComputerName: VALUED-7B9600FA UserName: user account
    10:38:22.843 Initialize success
    10:38:23.031 AVAST engine defs: 12072400
    10:38:42.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    10:38:42.093 Disk 0 Vendor: Maxtor_4D080H4 DAH017K0 Size: 78167MB BusType: 3
    10:38:42.109 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000066
    10:38:42.109 Disk 1 Vendor: Sony 0000 Size: 78167MB BusType: 0
    10:38:42.218 Disk 0 MBR read successfully
    10:38:42.218 Disk 0 MBR scan
    10:38:42.218 Disk 0 Windows XP default MBR code
    10:38:42.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28670 MB offset 63
    10:38:42.218 Disk 0 Partition - 00 0F Extended LBA 49489 MB offset 58717575
    10:38:42.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49489 MB offset 58717638
    10:38:42.390 Disk 0 scanning sectors +160071660
    10:38:42.671 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:39:37.000 Service scanning
    10:40:12.468 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    10:40:21.406 Modules scanning
    10:41:21.921 Disk 0 trace - called modules:
    10:41:21.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys intelide.sys
    10:41:21.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87356ab8]
    10:41:21.953 3 CLASSPNP.SYS[f788efd7] -> nt!IofCallDriver -> \Device\0000005f[0x87360f18]
    10:41:21.953 5 ACPI.sys[f76cf620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8735f940]
    10:41:22.781 AVAST engine scan C:\WINDOWS
    10:42:01.703 AVAST engine scan C:\WINDOWS\system32
    10:58:52.609 AVAST engine scan C:\WINDOWS\system32\drivers
    11:00:41.359 AVAST engine scan C:\Documents and Settings\user account
    11:03:54.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user account\Desktop\JULY SCANS\MBR.dat "
    11:03:54.046 The log file has been saved successfully to "C:\Documents and Settings\user account\Desktop\JULY SCANS\aswMBR.txt "
     
  11. 2012/07/24
    dispatch trophy Contributing Member

    3 questions:

    1. The cursor seems to be moving in little jumps instead of smoothly. Should anything be done about this?

    2. The aswMBR screen has a button to "Fix MBR." Should I press this?

    3. The only line in yellow on the aswMBR scan was this:

    SERVICE SPTD c:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

    Should I try to unlock this driver or repair it in another way?
     
  12. 2012/07/24
    dispatch trophy Contributing Member

    DDS.TXT

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
    Run by user account at 11:17:26 on 2012-07-24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.490 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Pmsb.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ooVoo\oovoo.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    D:\OPENOFFICE\OpenOffice.org 3\program\soffice.exe
    D:\OPENOFFICE\OpenOffice.org 3\program\soffice.bin
    c:\progra~1\Support.com\client\bin\tgcmd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=14597
    uInternet Settings,ProxyServer = hxxp://proxify.com/proxy.pac:81
    uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
    TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Scan Buttons] c:\program files\Pmsb.exe
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe "
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\userac~1\startm~1\programs\startup\openof~1.lnk - d:\openoffice\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vaioac~1.lnk - c:\program files\sony\vaio action setup\VAServ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DB6DB53C-CC9A-49DE-AC6D-62A5F9FBDEAB} : DhcpNameServer = 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user account\application data\mozilla\firefox\profiles\kw863eum.default\
    FF - prefs.js: browser.startup.homepage - inbox.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\npjpi170_05.dll
    FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - plugin: d:\bin\npdeployJava1.dll
    FF - plugin: d:\bin\plugin2\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-4 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-4 353688]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-4 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-4 44808]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-18 655944]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-19 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2011-11-30 7196]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-18 22344]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-8 136176]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
    S3 cpuz134;cpuz134;\??\c:\docume~1\userac~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\userac~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-8 136176]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2012-2-20 30576]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-4 27064]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
    S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
    .
    =============== Created Last 30 ================
    .
    2012-07-24 05:17:59 711240 ----a-w- c:\windows\isRS-000.tmp
    2012-07-18 19:58:01 -------- d-----w- c:\documents and settings\user account\local settings\application data\Sun
    2012-07-15 03:36:27 203736 ----a-w- c:\program files\mozilla firefox\nspr4.dll
    2012-07-14 13:23:37 -------- d-----w- c:\program files\Oracle
    2012-07-14 13:23:14 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-13 09:41:57 -------- d-----w- C:\MappedFiles
    2012-07-07 16:09:19 -------- d-----w- c:\documents and settings\user account\local settings\application data\Temp
    2012-07-07 16:09:19 -------- d-----w- c:\documents and settings\user account\local settings\application data\Adobe
    2012-07-07 06:18:44 -------- d-----w- c:\windows\Cache
    2012-07-07 02:41:05 -------- d-----w- c:\windows\AiOTemp
    2012-07-06 13:13:55 57344 ----a-w- c:\windows\system32\CNQI4802.DLL
    2012-07-06 13:13:55 143360 ----a-w- c:\windows\system32\CNQL4802.DLL
    2012-07-06 13:13:55 106496 ----a-w- c:\windows\system32\cnqo4802.dll
    2012-07-06 13:13:54 1298432 ----a-w- c:\windows\system32\CNQC4802.DLL
    2012-06-28 15:01:31 -------- d-----w- c:\program files\MSECache
    .
    ==================== Find3M ====================
    .
    2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
    2012-06-20 05:55:39 14662576 ----a-w- c:\program files\FoxitReader531.0606_enu_Setup.exe
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-30 21:07:39 74982768 ----a-w- c:\program files\iTunesSetup.exe
    2012-05-19 05:46:05 729320 ----a-w- c:\program files\cbsi-3_2_5_41-10013740.exe
    2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-23 14:55:17 12631561 ----a-w- c:\program files\61.77_win2kxp_english.exe
    2012-02-06 01:34:12 316480 ----a-w- c:\program files\FIREFOX.exe
    2012-02-04 14:28:59 64207032 ----a-w- c:\program files\AVAST SETUP.exe
    2012-02-04 14:15:11 3587688 ----a-w- c:\program files\ccsetup315.exe
    2012-02-04 14:12:44 182828 ----a-w- c:\program files\cc_20120204_061204.reg
    2012-01-24 08:43:19 60416 ----a-w- c:\program files\UFSE.DLL
    2006-10-11 00:24:16 147456 ----a-w- c:\program files\Pmsb.exe
    2006-09-27 02:14:22 32768 ----a-w- c:\program files\PMXpsCreator.dll
    2006-09-27 02:05:52 31744 ----a-w- c:\program files\XpsCreator.dll
    2006-09-26 23:59:32 4022272 ----a-w- c:\program files\Prestopm.exe
    2006-09-26 23:58:38 94208 ----a-w- c:\program files\ScanModule.dll
    2006-09-26 23:57:02 32768 ----a-w- c:\program files\PMSaveXPS.dll
    2006-09-26 23:45:22 81920 ----a-w- c:\program files\PMSave.dll
    2006-09-26 21:16:04 868352 ----a-w- c:\program files\SlideBarDLL.dll
    2006-09-20 18:09:14 24576 ----a-w- c:\program files\AvalonPage.dll
    2006-09-20 17:46:34 61440 ----a-w- c:\program files\NsScanToPdf.exe
    2006-09-20 17:36:24 36864 ----a-w- c:\program files\PMSavePdf.dll
    2006-09-19 21:54:04 290816 ----a-w- c:\program files\PMPageVW.dll
    2006-09-19 18:46:42 40448 ----a-w- c:\program files\PMXpsView.dll
    2006-09-19 18:46:42 24576 ----a-w- c:\program files\PMXpsHostView.dll
    2006-09-19 01:05:00 1171456 ----a-w- c:\program files\PMView.dll
    2006-09-15 16:06:24 151552 ----a-w- c:\program files\PMSearch.dll
    2006-09-14 22:07:08 208896 ----a-w- c:\program files\RapDocImg.dll
    2006-09-14 22:07:06 98304 ----a-w- c:\program files\PMVLink.dll
    2006-09-14 17:44:18 49152 ----a-w- c:\program files\Print.dll
    2006-09-14 17:41:44 155648 ----a-w- c:\program files\PMCommon.dll
    2006-09-13 16:19:50 323584 ----a-w- c:\program files\iConvert16.dll
    2006-09-13 16:17:08 241664 ----a-w- c:\program files\PShow.exe
    2006-08-22 16:02:32 180224 ----a-w- c:\program files\PMScnSet.dll
    2006-08-21 17:42:24 180307 ----a-w- c:\program files\PMINSO.dll
    2006-08-21 16:57:04 253952 ----a-w- c:\program files\PMTree.dll
    2006-08-21 16:28:16 45056 ----a-w- c:\program files\PerformOcr.dll
    2006-08-01 17:27:04 110592 ----a-w- c:\program files\PDFWriter.dll
    2006-07-27 21:32:02 53248 ----a-w- c:\program files\PrnDrvSetup.dll
    2006-07-20 00:35:52 126976 ----a-w- c:\program files\OCR.dll
    2006-07-11 18:03:06 24576 ----a-w- c:\program files\AutmnXls.dll
    2006-07-11 18:02:58 24576 ----a-w- c:\program files\AutmnPpt.dll
    2006-07-11 18:02:46 24576 ----a-w- c:\program files\AutmnDoc.dll
    2006-06-15 17:09:14 507904 ----a-w- c:\program files\MergePDF.dll
    2006-02-27 23:23:06 274516 ----a-w- c:\program files\PMToApp.dll
    2006-02-27 23:22:12 28672 ----a-w- c:\program files\NetScanDll.dll
    2006-02-22 17:15:26 45056 ----a-w- c:\program files\WriteIfo2Pdf.dll
    2006-02-15 23:25:04 49152 ----a-w- c:\program files\NSWia.dll
    2006-02-15 23:04:50 98304 ----a-w- c:\program files\NsScan.dll
    2006-01-13 03:23:46 249856 ----a-w- c:\program files\PMDB.dll
    2006-01-12 22:04:24 397312 ----a-w- c:\program files\pmtwain.dll
    2005-09-13 23:10:10 483328 ----a-w- c:\program files\WpdfViewer.exe
    2005-09-06 17:47:46 102400 ----a-w- c:\program files\PMApSet.dll
    2005-08-15 16:13:50 57344 ----a-w- c:\program files\PMISM.dll
    2005-08-08 21:20:20 57344 ----a-w- c:\program files\PMStatus.dll
    2005-08-08 16:18:06 303104 ----a-w- c:\program files\PrintFun.exe
    2005-07-30 01:10:04 176128 ----a-w- c:\program files\PMImgVW.dll
    2005-07-29 01:52:18 114688 ----a-w- c:\program files\Fioall32.dll
    2005-07-26 02:53:24 86016 ----a-w- c:\program files\PMProp.dll
    2005-07-26 01:02:18 36864 ----a-w- c:\program files\fiopct32.dll
    2005-07-26 00:11:22 303104 ----a-w- c:\program files\Fiotif32.dll
    2005-07-16 00:04:26 32768 ----a-w- c:\program files\PrintFunLnk.dll
    2005-07-16 00:01:08 131072 ----a-w- c:\program files\PMANO.dll
    2005-07-14 00:58:20 57344 ----a-w- c:\program files\WriteData2Pdf.dll
    2005-07-01 20:14:28 69632 ----a-w- c:\program files\NsSavePdf.exe
    2005-06-30 21:55:38 45056 ----a-w- c:\program files\WriteDriver2Pdf.dll
    2005-06-08 23:40:12 40960 ----a-w- c:\program files\NsWaitApp.exe
    2005-05-26 11:26:24 110592 ----a-w- c:\program files\AutoCrop.dll
    2005-05-25 23:51:22 315392 ----a-w- c:\program files\PMAnoSet.dll
    2005-04-14 18:39:38 40960 ----a-w- c:\program files\NetFun98.dll
    2005-04-14 18:39:28 40960 ----a-w- c:\program files\NetFun2K.dll
    2005-04-08 16:28:06 49152 ----a-w- c:\program files\PMSet.dll
    2005-04-08 16:25:48 98304 ----a-w- c:\program files\ComClass.dll
    2005-03-29 00:31:34 245760 ----a-w- c:\program files\pccrsdk.dll
    2005-03-29 00:31:24 65536 ----a-w- c:\program files\dcfr.dll
    2005-03-29 00:31:20 122880 ----a-w- c:\program files\dcexport.dll
    2005-03-29 00:31:16 331776 ----a-w- c:\program files\imgtool.dll
    2005-03-29 00:31:00 172032 ----a-w- c:\program files\post.dll
    2005-03-29 00:28:14 327680 ----a-w- c:\program files\Segment.dll
    2005-03-29 00:28:02 331776 ----a-w- c:\program files\Recogn.dll
    2001-08-18 12:00:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2011-02-08 13:33:55 978944 --sh--w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:01 413696 --sh--w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12:01 343040 --sh--w- c:\windows\system32\msvcrt.dll
    2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .
    ============= FINISH: 11:18:33.90 ===============
     
  13. 2012/07/24
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    Attach.txt


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/30/2011 3:00:29 PM
    System Uptime: 7/23/2012 10:18:56 PM (13 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P4B266LM
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | mPGA 478 | 1816/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 10.541 GiB free.
    D: is FIXED (NTFS) - 48 GiB total, 46.031 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP278: 7/6/2012 6:19:39 AM - Installed Presto! PageManager 7.15
    RP279: 7/6/2012 7:18:34 PM - Installed hp officejet v series
    RP280: 7/6/2012 7:49:59 PM - Installed hp officejet v series
    RP281: 7/6/2012 11:20:27 PM - Installed Adobe Reader 6.0.1
    RP282: 7/7/2012 8:15:14 AM - Removed Adobe Reader 6.0.1
    RP283: 7/7/2012 9:00:51 AM - Installed Adobe Reader X (10.1.3).
    RP284: 7/8/2012 2:03:42 PM - System Checkpoint
    RP285: 7/9/2012 2:07:29 PM - System Checkpoint
    RP286: 7/10/2012 2:40:18 PM - System Checkpoint
    RP287: 7/11/2012 3:00:18 AM - Software Distribution Service 3.0
    RP288: 7/12/2012 3:35:42 AM - System Checkpoint
    RP289: 7/13/2012 3:54:23 AM - System Checkpoint
    RP290: 7/14/2012 5:44:10 AM - System Checkpoint
    RP291: 7/14/2012 6:22:15 AM - Installed Java(TM) 7 Update 5
    RP292: 7/14/2012 6:23:36 AM - Installed JavaFX 2.1.1
    RP293: 7/15/2012 6:46:23 AM - System Checkpoint
    RP294: 7/16/2012 8:07:18 AM - System Checkpoint
    RP295: 7/17/2012 8:43:18 AM - System Checkpoint
    RP296: 7/18/2012 9:23:14 AM - System Checkpoint
    RP297: 7/19/2012 9:51:36 AM - System Checkpoint
    RP298: 7/20/2012 10:50:23 AM - System Checkpoint
    RP299: 7/21/2012 12:06:10 PM - System Checkpoint
    RP300: 7/22/2012 12:29:15 PM - System Checkpoint
    RP301: 7/23/2012 1:04:36 PM - System Checkpoint
    RP302: 7/23/2012 9:47:20 PM - Restore Operation
    RP303: 7/23/2012 9:53:04 PM - Restore Operation
    RP304: 7/23/2012 10:03:37 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    ArcSoft PhotoStudio 5.5
    avast! Free Antivirus
    Belarc Advisor 8.2
    Canon CanoScan LiDE 600F User Registration
    Canon CanoScan Toolbox 5.0
    CanoScan LiDE 600F
    CCleaner
    Compatibility Pack for the 2007 Office system
    COWON Media Center - jetAudio Basic VX
    DigitalPrint 1.1
    doPDF 7.2 printer
    DVDExpress
    Experience VAIO
    FormatFactory 2.95
    Foxit Reader
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    hp instant support
    hp officejet v series
    HP Photo Printing Software
    HP Share-to-Web
    ImageStation
    ImageStation Demo
    ImgBurn
    ISO Recorder
    Java Auto Updater
    Java(TM) 6 Update 13
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 1.62.0.1300
    Media Bar 3.2.12
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Motion JPEG Software Decoder
    Mozilla Firefox (3.5.19)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Music Visualizer Library 1.2
    NVIDIA Drivers
    OLYMPUS Master 2
    ooVoo
    OpenMG Secure Module 3.0.01
    OpenOffice.org 3.1
    Opera 12.00
    PhotoPrinter 2000 Pro
    PicoPlayer
    PicoPlayer Demo
    PicoPlayerSplashScreen
    PictureGear 5.1
    Presto! PageManager 7.15.14
    Quicken 2002 New User Edition
    QuickTime
    RealJukebox
    RealPlayer Basic
    Revo Uninstaller Pro 2.5.8
    ScanSoft OmniPage SE 4.0
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Skype™ 5.10
    Smart Capture
    SonicStage 1.1.00
    SonicStage CD-R Writing Module
    Sony Certificate PCH
    Sony DV Shared Library
    Sony on Yahoo! Essentials
    Sony Premium Services VAIO PC Health Check
    Support Actions Win2K,WinXP
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VAIO Action Setup
    VAIO Brezza Wallpaper
    VAIO Grid Wallpaper
    VAIO Help & Support
    VAIO Registration
    VAIO Serenus Wallpaper
    VAIO Support
    Verizon Toolbar
    VisualFlow 2.1
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Works Suite OS Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/23/2012 9:16:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    7/23/2012 11:19:17 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    7/23/2012 11:18:18 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    .
    ==== End Of File ===========================
     
  14. 2012/07/24
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    The scan reports are much shorter this time than for previous scans.

    This may be because the only option that worked during the avast root scan was the "move to chest." Does this mean many of my files are unusable because they are in the avast virus chest?

    Do you think that is the reason the restore function no longer works?
     
  15. 2012/07/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. We'll look into this and other issues.
    2. No.
    3. No.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  16. 2012/07/24
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    I have run the rogue killer scan but there is a message:

    "Please look at the different tabs and delete elements with buttons."

    I don't see any buttons

    but there are two entries in the results box. Both have check marks and say "Found". Is this what they want me to delete?

    There is no report issued yet, but there is a tab that says report.

    Which of these tabs should I click?

    Should I delete the two objects checked and labeled "found"?

    Or should I just click report?

    I can send a screen shot.
     
    Last edited: 2012/07/24
  17. 2012/07/24
    broni

    broni Moderator Malware Analyst

    Never go beyond my instructions.
    All I need is just a report.
     
  18. 2012/07/24
    dispatch trophy Contributing Member

    dispatch trophy Inactive Thread Starter

    ROGUE KILLER REPORT


    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: user account [Admin rights]
    Mode: Scan -- Date: 07/24/2012 13:22:37

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp://proxify.com/proxy.pac:81) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF768AB40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF768AB40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF768AB40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF768AB40)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF768AB40)
    IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF768AB40)

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Maxtor 4D080H4 +++++
    --- User ---
    [MBR] 1db1ca0fbcc48f6b7d9dfaaf64b66e20
    [BSP] cb5c6d4d10172c38b46246562b823fcc : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 28670 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 58717575 | Size: 49489 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  19. 2012/07/24
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  20. 2012/07/24
    dispatch trophy Contributing Member

    COMBOFIX REPORT

    SECTION ONE

    ComboFix 12-07-25.04 - user account 07/24/2012 15:40:11.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.435 [GMT -7:00]
    Running from: c:\documents and settings\user account\Desktop\JULY SCANS\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\cbsi-3_2_5_41-10013740.exe
    c:\program files\FoxitReader531.0606_enu_Setup.exe
    c:\program files\SHFOLDER.dll
    c:\program files\Uninstall.exe
    c:\windows\isRS-000.tmp
    c:\windows\system32\dllcache\dlimport.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-18 19:58 . 2012-07-18 19:58 -------- d-----w- c:\documents and settings\user account\Local Settings\Application Data\Sun
    2012-07-15 03:36 . 2012-07-19 00:24 203736 ----a-w- c:\program files\Mozilla Firefox\nspr4.dll
    2012-07-14 13:23 . 2012-07-14 13:23 -------- d-----w- c:\program files\Oracle
    2012-07-14 13:23 . 2012-07-14 13:23 -------- d-----w- c:\documents and settings\user account\Application Data\Oracle
    2012-07-14 13:23 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-14 12:29 . 2012-07-14 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2012-07-13 09:41 . 2012-07-13 09:41 -------- d-----w- C:\MappedFiles
    2012-07-07 16:09 . 2012-07-07 16:09 -------- d-----w- c:\documents and settings\user account\Local Settings\Application Data\Temp
    2012-07-07 16:09 . 2012-07-07 16:09 -------- d-----w- c:\documents and settings\user account\Local Settings\Application Data\Adobe
    2012-07-07 11:14 . 2012-07-07 11:14 -------- d-----w- c:\documents and settings\user account\Application Data\AdobeUM
    2012-07-07 06:18 . 2012-07-07 06:18 -------- d-----w- c:\windows\Cache
    2012-07-07 02:41 . 2012-07-07 02:54 -------- d-----w- c:\windows\AiOTemp
    2012-07-06 13:14 . 2012-07-06 13:14 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2012-07-06 13:13 . 2006-07-20 15:51 57344 ----a-w- c:\windows\system32\CNQI4802.DLL
    2012-07-06 13:13 . 2006-07-13 19:51 143360 ----a-w- c:\windows\system32\CNQL4802.DLL
    2012-07-06 13:13 . 2006-06-29 14:29 106496 ----a-w- c:\windows\system32\cnqo4802.dll
    2012-07-06 13:13 . 2006-07-20 15:51 1298432 ----a-w- c:\windows\system32\CNQC4802.DLL
    2012-07-06 13:13 . 2012-07-06 13:13 -------- d--h--w- c:\program files\CanonBJ
    2012-06-28 15:01 . 2012-06-28 15:01 -------- d-----w- c:\program files\MSECache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 05:07 . 2012-02-12 02:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 05:06 . 2012-02-12 02:08 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-03 20:46 . 2011-12-18 09:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 16:21 . 2012-02-04 14:31 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-02-04 14:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-02-04 14:32 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-02-04 14:31 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-03 16:21 . 2012-02-04 14:31 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-02-04 14:31 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-03 16:21 . 2012-02-04 14:31 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-03 16:21 . 2012-02-04 14:31 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-03 16:21 . 2012-02-04 14:31 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-02-04 14:31 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-13 13:19 . 2001-12-14 19:26 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2011-12-10 13:14 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2001-12-14 19:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2001-12-14 19:25 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 22:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19 . 2011-12-10 10:33 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19 . 2011-12-10 10:33 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 22:19 . 2011-12-10 10:33 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19 . 2011-12-10 10:33 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19 . 2001-12-14 20:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2001-12-14 19:25 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 22:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 22:19 . 2011-12-10 10:33 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2001-12-14 20:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:18 . 2012-04-21 22:54 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 22:18 . 2012-04-21 22:54 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 22:18 . 2012-04-21 22:54 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2001-12-14 19:25 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-30 21:07 . 2012-05-30 20:58 74982768 ----a-w- c:\program files\iTunesSetup.exe
    2012-05-16 07:58 . 2002-08-29 15:14 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:12 . 2001-12-14 19:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2001-08-17 13:48 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2001-12-14 20:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-23 14:55 . 2012-02-23 14:54 12631561 ----a-w- c:\program files\61.77_win2kxp_english.exe
    2012-02-06 01:34 . 2012-02-06 01:35 316480 ----a-w- c:\program files\FIREFOX.exe
    2012-02-04 14:28 . 2012-02-04 14:21 64207032 ----a-w- c:\program files\AVAST SETUP.exe
    2012-02-04 14:15 . 2012-02-04 14:15 3587688 ----a-w- c:\program files\ccsetup315.exe
    2012-02-04 14:12 . 2012-02-04 14:12 182828 ----a-w- c:\program files\cc_20120204_061204.reg
    2012-01-24 08:43 . 2012-01-18 03:34 60416 ----a-w- c:\program files\UFSE.DLL
    2006-10-11 00:24 . 2011-12-03 23:04 147456 ----a-w- c:\program files\Pmsb.exe
    2006-09-27 02:14 . 2011-12-03 23:04 32768 ----a-w- c:\program files\PMXpsCreator.dll
    2006-09-27 02:05 . 2012-01-18 03:35 31744 ----a-w- c:\program files\XpsCreator.dll
    2006-09-26 23:59 . 2011-12-03 23:04 4022272 ----a-w- c:\program files\Prestopm.exe
    2006-09-26 23:58 . 2011-12-03 23:04 94208 ----a-w- c:\program files\ScanModule.dll
    2006-09-26 23:57 . 2011-12-03 23:04 32768 ----a-w- c:\program files\PMSaveXPS.dll
    2006-09-26 23:45 . 2011-12-03 23:04 81920 ----a-w- c:\program files\PMSave.dll
    2006-09-26 21:16 . 2011-12-03 23:04 868352 ----a-w- c:\program files\SlideBarDLL.dll
    2006-09-20 18:09 . 2011-12-03 23:06 24576 ----a-w- c:\program files\AvalonPage.dll
    2006-09-20 17:46 . 2011-12-03 23:04 61440 ----a-w- c:\program files\NsScanToPdf.exe
    2006-09-20 17:36 . 2011-12-03 23:04 36864 ----a-w- c:\program files\PMSavePdf.dll
    2006-09-19 21:54 . 2011-12-03 23:04 290816 ----a-w- c:\program files\PMPageVW.dll
    2006-09-19 18:46 . 2012-01-18 03:35 40448 ----a-w- c:\program files\PMXpsView.dll
    2006-09-19 18:46 . 2011-12-03 23:04 24576 ----a-w- c:\program files\PMXpsHostView.dll
    2006-09-19 01:05 . 2011-12-03 23:04 1171456 ----a-w- c:\program files\PMView.dll
    2006-09-15 16:06 . 2011-12-03 23:04 151552 ----a-w- c:\program files\PMSearch.dll
    2006-09-14 22:07 . 2011-12-03 23:04 208896 ----a-w- c:\program files\RapDocImg.dll
    2006-09-14 22:07 . 2011-12-03 23:04 98304 ----a-w- c:\program files\PMVLink.dll
    2006-09-14 17:44 . 2011-12-03 23:04 49152 ----a-w- c:\program files\Print.dll
    2006-09-14 17:41 . 2011-12-09 10:20 155648 ----a-w- c:\program files\PMCommon.dll
    2006-09-13 16:19 . 2011-12-03 23:06 323584 ----a-w- c:\program files\iConvert16.dll
    2006-09-13 16:17 . 2011-12-03 23:06 241664 ----a-w- c:\program files\PShow.exe
    2006-08-22 16:02 . 2011-12-03 23:04 180224 ----a-w- c:\program files\PMScnSet.dll
    2006-08-21 17:42 . 2011-12-03 23:04 180307 ----a-w- c:\program files\PMINSO.dll
    2006-08-21 16:57 . 2011-12-03 23:04 253952 ----a-w- c:\program files\PMTree.dll
    2006-08-21 16:28 . 2011-12-03 23:04 45056 ----a-w- c:\program files\PerformOcr.dll
    2006-08-01 17:27 . 2011-12-03 23:04 110592 ----a-w- c:\program files\PDFWriter.dll
    2006-07-27 21:32 . 2012-01-18 03:35 53248 ----a-w- c:\program files\PrnDrvSetup.dll
    2006-07-20 00:35 . 2011-12-03 23:04 126976 ----a-w- c:\program files\OCR.dll
    2006-07-11 18:03 . 2011-12-03 23:04 24576 ----a-w- c:\program files\AutmnXls.dll
    2006-07-11 18:02 . 2011-12-03 23:04 24576 ----a-w- c:\program files\AutmnPpt.dll
    2006-07-11 18:02 . 2011-12-03 23:04 24576 ----a-w- c:\program files\AutmnDoc.dll
    2006-06-15 17:09 . 2011-12-03 23:04 507904 ----a-w- c:\program files\MergePDF.dll
    2006-02-27 23:23 . 2011-12-03 23:04 274516 ----a-w- c:\program files\PMToApp.dll
    2006-02-27 23:22 . 2011-12-03 23:04 28672 ----a-w- c:\program files\NetScanDll.dll
    2006-02-22 17:15 . 2011-12-03 23:04 45056 ----a-w- c:\program files\WriteIfo2Pdf.dll
    2006-02-15 23:25 . 2011-12-03 23:04 49152 ----a-w- c:\program files\NSWia.dll
    2006-02-15 23:04 . 2011-12-03 23:04 98304 ----a-w- c:\program files\NsScan.dll
    2006-01-13 03:23 . 2011-12-03 23:04 249856 ----a-w- c:\program files\PMDB.dll
    2006-01-12 22:04 . 2011-12-03 23:05 397312 ----a-w- c:\program files\pmtwain.dll
    2005-09-13 23:10 . 2011-12-03 23:04 483328 ----a-w- c:\program files\WpdfViewer.exe
    2005-09-06 17:47 . 2011-12-03 23:04 102400 ----a-w- c:\program files\PMApSet.dll
    2005-08-15 16:13 . 2011-12-03 23:04 57344 ----a-w- c:\program files\PMISM.dll
    2005-08-08 21:20 . 2011-12-03 23:04 57344 ----a-w- c:\program files\PMStatus.dll
    2005-08-08 16:18 . 2011-12-03 23:06 303104 ----a-w- c:\program files\PrintFun.exe
    2005-07-30 01:10 . 2011-12-03 23:04 176128 ----a-w- c:\program files\PMImgVW.dll
    2005-07-29 01:52 . 2011-12-03 23:05 114688 ----a-w- c:\program files\Fioall32.dll
    2005-07-26 02:53 . 2011-12-03 23:04 86016 ----a-w- c:\program files\PMProp.dll
    2005-07-26 01:02 . 2011-12-03 23:05 36864 ----a-w- c:\program files\fiopct32.dll
    2005-07-26 00:11 . 2011-12-03 23:05 303104 ----a-w- c:\program files\Fiotif32.dll
    2005-07-16 00:04 . 2011-12-03 23:04 32768 ----a-w- c:\program files\PrintFunLnk.dll
    2005-07-16 00:01 . 2011-12-03 23:04 131072 ----a-w- c:\program files\PMANO.dll
    2005-07-14 00:58 . 2011-12-03 23:04 57344 ----a-w- c:\program files\WriteData2Pdf.dll
    2005-07-01 20:14 . 2011-12-03 23:04 69632 ----a-w- c:\program files\NsSavePdf.exe
    2005-06-30 21:55 . 2011-12-03 23:07 45056 ----a-w- c:\program files\WriteDriver2Pdf.dll
    2001-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
    2011-02-08 13:33 978944 --sh--w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12 343040 --sh--w- c:\windows\system32\msvcrt.dll
    2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 84992 --sh--w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe


    END FIRST SECTION COMBOFIX

    ==============================
     
  21. 2012/07/24
    dispatch trophy Contributing Member

    COMBOFIX SECOND SECTION START


    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-05_04.53.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
    + 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
    + 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
    + 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
    + 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
    + 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
    - 2012-01-14 21:00 . 2006-03-28 11:23 20992 c:\windows\twain_32\CNQ4802\USDRESUS.DLL
    + 2012-07-06 13:13 . 2006-03-28 11:23 20992 c:\windows\twain_32\CNQ4802\USDRESUS.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESRU.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESRU.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESPT.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESPT.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESPL.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESPL.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:56 20992 c:\windows\twain_32\CNQ4802\USDRESNL.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:56 20992 c:\windows\twain_32\CNQ4802\USDRESNL.DLL
    + 2012-07-06 13:13 . 2006-05-24 16:56 20992 c:\windows\twain_32\CNQ4802\USDRESKR.DLL
    - 2012-01-14 21:00 . 2006-05-24 16:56 20992 c:\windows\twain_32\CNQ4802\USDRESKR.DLL
    + 2012-07-06 13:13 . 2006-03-28 11:23 20992 c:\windows\twain_32\CNQ4802\USDRESJP.DLL
    - 2012-01-14 21:00 . 2006-03-28 11:23 20992 c:\windows\twain_32\CNQ4802\USDRESJP.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESIT.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESIT.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 20992 c:\windows\twain_32\CNQ4802\USDRESHU.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 20992 c:\windows\twain_32\CNQ4802\USDRESHU.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:56 21504 c:\windows\twain_32\CNQ4802\USDRESFR.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:56 21504 c:\windows\twain_32\CNQ4802\USDRESFR.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESES.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESES.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESDE.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:57 21504 c:\windows\twain_32\CNQ4802\USDRESDE.DLL
    - 2012-01-14 21:00 . 2006-06-06 08:56 20992 c:\windows\twain_32\CNQ4802\USDRESCZ.DLL
    + 2012-07-06 13:13 . 2006-06-06 08:56 20992 c:\windows\twain_32\CNQ4802\USDRESCZ.DLL
    - 2012-01-14 21:00 . 2006-05-25 10:28 20992 c:\windows\twain_32\CNQ4802\USDRESCN.DLL
    + 2012-07-06 13:13 . 2006-05-25 10:28 20992 c:\windows\twain_32\CNQ4802\USDRESCN.DLL
    - 2012-01-14 21:00 . 2006-01-12 14:22 73728 c:\windows\twain_32\CNQ4802\RSTCOL.DLL
    + 2012-07-06 13:13 . 2006-01-12 14:22 73728 c:\windows\twain_32\CNQ4802\RSTCOL.DLL
    + 2012-07-06 13:13 . 2006-07-19 13:05 36281 c:\windows\twain_32\CNQ4802\IPM.DAT
    - 2012-01-14 21:00 . 2006-07-19 13:05 36281 c:\windows\twain_32\CNQ4802\IPM.DAT
    - 2012-01-14 21:00 . 2006-04-13 15:43 53248 c:\windows\twain_32\CNQ4802\HSL.DLL
    + 2012-07-06 13:13 . 2006-04-13 15:43 53248 c:\windows\twain_32\CNQ4802\HSL.DLL
    - 2012-01-14 21:00 . 2006-02-23 10:39 81920 c:\windows\twain_32\CNQ4802\CUBS.DLL
    + 2012-07-06 13:13 . 2006-02-23 10:39 81920 c:\windows\twain_32\CNQ4802\CUBS.DLL
    + 2012-07-06 13:13 . 2005-04-15 15:34 57344 c:\windows\twain_32\CNQ4802\BaLCo.dll
    - 2012-01-14 21:00 . 2005-04-15 15:34 57344 c:\windows\twain_32\CNQ4802\BaLCo.dll
    + 2012-07-06 13:13 . 2006-03-09 16:29 77824 c:\windows\twain_32\CNQ4802\AG.DLL
    - 2012-01-14 21:00 . 2006-03-09 16:29 77824 c:\windows\twain_32\CNQ4802\AG.DLL
    + 2012-07-24 05:19 . 2012-07-24 05:19 16384 c:\windows\temp\Perflib_Perfdata_480.dat
    + 2006-09-29 02:56 . 2006-09-29 02:56 55808 c:\windows\system32\WudfSvc.dll
    + 2006-09-29 04:13 . 2006-09-29 04:13 95344 c:\windows\system32\WUDFCoinstaller.dll
    + 2009-01-31 04:35 . 2009-01-31 04:35 38400 c:\windows\system32\wpdshextres.dll
    + 2009-01-31 01:21 . 2009-01-31 01:21 17408 c:\windows\system32\wpdshextautoplay.exe
    + 2009-01-31 04:35 . 2009-01-31 04:35 63488 c:\windows\system32\wpdmtpus.dll
    + 2009-01-31 04:35 . 2009-01-31 04:35 35840 c:\windows\system32\wpdconns.dll
    + 2001-12-14 19:26 . 2009-01-31 04:34 99840 c:\windows\system32\wmpshell.dll
    + 2001-12-14 19:26 . 2009-01-31 04:34 37376 c:\windows\system32\wmdmps.dll
    + 2001-12-14 19:26 . 2009-01-31 04:34 33792 c:\windows\system32\wmdmlog.dll
    + 2012-02-16 02:37 . 2008-04-14 00:12 53760 c:\windows\system32\vfwwdm32.dll
    - 2002-08-29 15:14 . 2011-11-01 20:35 37888 c:\windows\system32\url.dll
    + 2002-08-29 15:14 . 2012-04-20 19:29 37888 c:\windows\system32\url.dll
    + 2008-07-30 05:10 . 2008-07-30 05:10 26112 c:\windows\system32\TsWpfWrp.exe
    - 2011-12-10 10:13 . 2007-07-28 07:11 26488 c:\windows\system32\spupdsvc.exe
    + 2011-12-10 10:13 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
    + 2012-02-21 03:34 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    - 2001-12-14 20:42 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
    + 2012-02-17 07:15 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
    + 2012-06-21 20:28 . 2012-06-02 22:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
    + 2012-06-21 20:28 . 2012-06-02 22:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
    + 2012-02-23 14:58 . 2001-11-01 18:48 57344 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvsvc32.exe
    + 2012-02-23 14:58 . 2001-11-01 18:48 90112 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvrsja.dll
    + 2012-02-23 14:58 . 2001-11-01 18:48 86016 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvinstnt.dll
    + 2012-02-23 14:58 . 2001-11-01 18:48 73728 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvdmcpl.dll
    + 2010-03-31 08:16 . 2010-03-31 08:16 99176 c:\windows\system32\PresentationHostProxy.dll
    + 2001-12-14 19:25 . 2012-06-13 10:21 69734 c:\windows\system32\perfc009.dat
    + 2012-02-21 03:54 . 2010-12-13 22:37 78704 c:\windows\system32\nx6000res.dll
    + 2004-07-15 19:42 . 2004-07-15 19:42 81920 c:\windows\system32\nvwddi.dll
    + 2004-07-15 19:42 . 2004-07-15 19:42 81920 c:\windows\system32\nvmctray.dll
    + 2004-07-15 19:42 . 2004-07-15 19:42 32256 c:\windows\system32\nvcodins.dll
    + 2004-07-15 19:42 . 2004-07-15 19:42 32256 c:\windows\system32\nvcod.dll
    + 2009-11-07 09:07 . 2009-11-07 09:07 49488 c:\windows\system32\netfxperf.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 92160 c:\windows\system32\mui\0816\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 92160 c:\windows\system32\mui\0816\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:39 88576 c:\windows\system32\mui\0804\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:39 88576 c:\windows\system32\mui\0804\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 89088 c:\windows\system32\mui\042D\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 89088 c:\windows\system32\mui\042D\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 89600 c:\windows\system32\mui\0424\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 89600 c:\windows\system32\mui\0424\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 89088 c:\windows\system32\mui\041F\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 89088 c:\windows\system32\mui\041F\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 90112 c:\windows\system32\mui\041D\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 90112 c:\windows\system32\mui\041D\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 89088 c:\windows\system32\mui\041B\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 89088 c:\windows\system32\mui\041B\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 89600 c:\windows\system32\mui\0419\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 89600 c:\windows\system32\mui\0419\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:42 91136 c:\windows\system32\mui\0416\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:42 91136 c:\windows\system32\mui\0416\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 90112 c:\windows\system32\mui\0415\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 90112 c:\windows\system32\mui\0415\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 89600 c:\windows\system32\mui\0414\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 89600 c:\windows\system32\mui\0414\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 91136 c:\windows\system32\mui\0413\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 91136 c:\windows\system32\mui\0413\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:39 88576 c:\windows\system32\mui\0412\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:39 88576 c:\windows\system32\mui\0412\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:39 88576 c:\windows\system32\mui\0411\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:39 88576 c:\windows\system32\mui\0411\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 91648 c:\windows\system32\mui\0410\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 91648 c:\windows\system32\mui\0410\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 90112 c:\windows\system32\mui\040E\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 90112 c:\windows\system32\mui\040E\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 88576 c:\windows\system32\mui\040D\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 88576 c:\windows\system32\mui\040D\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:41 93184 c:\windows\system32\mui\040C\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:41 93184 c:\windows\system32\mui\040C\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 88576 c:\windows\system32\mui\040B\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 88576 c:\windows\system32\mui\040B\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 91136 c:\windows\system32\mui\040A\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 91136 c:\windows\system32\mui\040A\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:24 88576 c:\windows\system32\mui\0409\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:24 88576 c:\windows\system32\mui\0409\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 93184 c:\windows\system32\mui\0408\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 93184 c:\windows\system32\mui\0408\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:39 92672 c:\windows\system32\mui\0407\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:39 92672 c:\windows\system32\mui\0407\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 89088 c:\windows\system32\mui\0406\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 89088 c:\windows\system32\mui\0406\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 89088 c:\windows\system32\mui\0405\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 89088 c:\windows\system32\mui\0405\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:39 88576 c:\windows\system32\mui\0404\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:39 88576 c:\windows\system32\mui\0404\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:40 91136 c:\windows\system32\mui\0403\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:40 91136 c:\windows\system32\mui\0403\hhctrlui.dll
    - 2011-11-30 23:57 . 2000-05-24 18:39 89600 c:\windows\system32\mui\0401\hhctrlui.dll
    + 2011-11-30 23:57 . 2000-05-24 17:39 89600 c:\windows\system32\mui\0401\hhctrlui.dll
    + 2011-12-10 10:33 . 2009-01-31 04:33 27136 c:\windows\system32\mspmsnsv.dll
    + 2001-12-14 20:44 . 2002-02-18 18:23 21264 c:\windows\system32\msjdbc10.dll
    - 2001-12-14 20:44 . 2001-01-13 02:04 21264 c:\windows\system32\msjdbc10.dll
    + 2008-07-25 19:16 . 2008-07-25 19:16 83968 c:\windows\system32\mscories.dll
    + 2012-05-30 23:49 . 2012-05-30 23:49 35440 c:\windows\system32\mlfcache.dat
    + 2001-12-14 19:25 . 2009-01-31 04:33 11264 c:\windows\system32\LAPRXY.dll
    + 2001-12-14 20:44 . 2002-02-18 18:23 15120 c:\windows\system32\jdbgmgr.exe
    - 2001-12-14 20:44 . 2001-01-13 02:04 15120 c:\windows\system32\jdbgmgr.exe
    + 2001-12-14 20:44 . 2002-02-18 18:22 63248 c:\windows\system32\javaprxy.dll
    - 2001-12-14 20:44 . 2001-01-13 02:04 63248 c:\windows\system32\javaprxy.dll
    + 2008-07-30 03:24 . 2008-07-30 03:24 97800 c:\windows\system32\infocardapi.dll
    + 2012-03-02 11:40 . 2006-09-05 19:28 38480 c:\windows\system32\IJRMF.exe
    - 2011-12-10 10:33 . 2011-11-01 20:35 81920 c:\windows\system32\ieencode.dll
    + 2011-12-10 10:33 . 2012-04-20 19:29 81920 c:\windows\system32\ieencode.dll
    + 2008-07-30 03:24 . 2008-07-30 03:24 11264 c:\windows\system32\icardres.dll
    + 2002-04-26 02:14 . 2002-04-26 02:14 57344 c:\windows\system32\hpousd07.dll
    + 2002-04-26 01:47 . 2002-04-26 01:47 40960 c:\windows\system32\HPOtap07.dll
    + 2002-04-26 01:48 . 2002-04-26 01:48 28672 c:\windows\system32\hpomem07.dll
    + 2002-04-26 01:41 . 2002-04-26 01:41 57344 c:\windows\system32\hpoisn07.dll
    + 2002-04-26 01:41 . 2002-04-26 01:41 94208 c:\windows\system32\hpoipt07.dll
    + 2002-04-26 01:40 . 2002-04-26 01:40 53248 c:\windows\system32\hpoipr07.dll
    + 2002-04-26 01:39 . 2002-04-26 01:39 57344 c:\windows\system32\hpoipm07.exe
    + 2002-04-26 01:39 . 2002-04-26 01:39 61440 c:\windows\system32\hpoinw07.exe
    + 2002-04-26 01:38 . 2002-04-26 01:38 73728 c:\windows\system32\hpoidr07.dll
    + 2002-04-26 02:20 . 2002-04-26 02:20 57344 c:\windows\system32\hpoidm07.dll
    + 2012-02-21 06:14 . 2008-04-14 00:11 21504 c:\windows\system32\hidserv.dll
    + 2003-08-18 21:26 . 2003-08-18 21:26 25872 c:\windows\system32\FM20ENU.DLL
    + 2008-07-30 05:10 . 2008-07-30 05:10 73720 c:\windows\system32\dxva2.dll
    + 2012-02-21 03:54 . 2010-12-13 22:37 30576 c:\windows\system32\DRVSTORE\nx6000_6D6850D7C713367D5BA36B75FE82F52D3E5A14A1\nx6000.sys
    + 2012-02-21 03:54 . 2010-12-13 22:37 78704 c:\windows\system32\DRVSTORE\nx6000_6D6850D7C713367D5BA36B75FE82F52D3E5A14A1\1033\nx6000res.dll
    + 2006-09-29 03:00 . 2006-09-29 03:00 82944 c:\windows\system32\drivers\WudfRd.sys
    + 2006-09-29 02:55 . 2006-09-29 02:55 77568 c:\windows\system32\drivers\WudfPf.sys
    + 2012-02-16 02:38 . 2008-04-13 18:46 19200 c:\windows\system32\drivers\WSTCODEC.SYS
    + 2009-01-31 01:20 . 2009-01-31 01:20 38528 c:\windows\system32\drivers\wpdusb.sys
    + 2012-02-16 02:37 . 2008-04-13 18:45 32128 c:\windows\system32\drivers\usbccgp.sys
    + 2012-02-21 03:56 . 2008-04-13 18:45 60032 c:\windows\system32\drivers\USBAUDIO.sys
    + 2012-02-16 02:38 . 2008-04-13 18:46 15232 c:\windows\system32\drivers\StreamIP.sys
    + 2012-02-16 02:38 . 2008-04-13 18:46 11136 c:\windows\system32\drivers\SLIP.sys
    + 2012-02-21 03:54 . 2010-12-13 22:37 30576 c:\windows\system32\drivers\nx6000.sys
    + 2012-02-16 02:38 . 2008-04-13 18:46 10880 c:\windows\system32\drivers\NdisIP.sys
    + 2012-02-16 02:37 . 2008-04-13 18:46 85248 c:\windows\system32\drivers\NABTSFEC.sys
    + 2002-04-26 01:37 . 2002-04-26 01:37 16016 c:\windows\system32\drivers\hpoipr07.sys
    + 2012-02-16 02:37 . 2008-04-13 18:46 17024 c:\windows\system32\drivers\CCDECODE.sys
    + 2012-01-02 16:27 . 2011-11-22 18:56 23376 c:\windows\system32\dopdfmn7.dll
    - 2012-01-02 16:27 . 2011-11-22 19:56 23376 c:\windows\system32\dopdfmn7.dll
    - 2012-01-02 16:27 . 2011-11-22 19:56 20816 c:\windows\system32\dopdfmi7.dll
    + 2012-01-02 16:27 . 2011-11-22 18:56 20816 c:\windows\system32\dopdfmi7.dll
    + 2011-12-10 10:33 . 2012-06-02 22:19 35864 c:\windows\system32\dllcache\wups.dll
    + 2001-12-14 20:35 . 2012-06-02 22:19 53784 c:\windows\system32\dllcache\wuauclt.exe
    + 2012-02-16 02:38 . 2008-04-13 18:46 19200 c:\windows\system32\dllcache\wstcodec.sys
    + 2011-12-10 13:16 . 2009-01-31 04:34 99840 c:\windows\system32\dllcache\wmpshell.dll
    + 2011-12-10 13:16 . 2009-01-31 04:30 64512 c:\windows\system32\dllcache\wmplayer.exe
    + 2011-12-10 13:16 . 2009-01-31 04:34 96256 c:\windows\system32\dllcache\wmpband.dll
    + 2011-12-10 13:16 . 2009-01-31 04:34 37376 c:\windows\system32\dllcache\wmdmps.dll
    + 2011-12-10 13:16 . 2009-01-31 04:34 33792 c:\windows\system32\dllcache\wmdmlog.dll
    + 2012-02-16 02:37 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
    + 2012-02-16 02:37 . 2008-04-13 18:45 32128 c:\windows\system32\dllcache\usbccgp.sys
    + 2012-02-21 03:56 . 2008-04-13 18:45 60032 c:\windows\system32\dllcache\usbaudio.sys
    + 2011-09-05 13:56 . 2012-04-20 19:29 37888 c:\windows\system32\dllcache\url.dll
    - 2011-09-05 13:56 . 2011-11-01 20:35 37888 c:\windows\system32\dllcache\url.dll
    + 2012-02-16 02:38 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\streamip.sys
    + 2012-02-16 02:38 . 2008-04-13 18:46 11136 c:\windows\system32\dllcache\slip.sys
    + 2012-02-16 02:38 . 2008-04-13 18:46 10880 c:\windows\system32\dllcache\ndisip.sys
    + 2012-02-16 02:37 . 2008-04-13 18:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
    + 2011-12-10 13:14 . 2009-01-31 04:33 27136 c:\windows\system32\dllcache\mspmsnsv.dll
    + 2011-12-10 13:13 . 2009-01-31 04:33 11264 c:\windows\system32\dllcache\LAPRXY.dll
    - 2010-04-16 15:36 . 2011-11-01 20:35 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2010-04-16 15:36 . 2012-04-20 19:29 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2012-02-21 06:14 . 2008-04-14 00:11 21504 c:\windows\system32\dllcache\hidserv.dll
    + 2012-02-21 03:32 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
    + 2001-12-14 19:25 . 2012-06-02 22:19 97304 c:\windows\system32\dllcache\cdm.dll
    + 2012-02-16 02:37 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\ccdecode.sys
    + 2001-12-14 20:44 . 2002-02-18 18:23 49424 c:\windows\system32\clspack.exe
    - 2001-12-14 20:44 . 2001-01-13 02:04 49424 c:\windows\system32\clspack.exe
    - 2012-01-14 21:00 . 2006-08-24 09:01 49152 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\RES\DLL\IJInstUS.dll
    + 2012-07-06 13:14 . 2006-08-24 09:01 49152 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\RES\DLL\IJInstUS.dll
    - 2012-01-14 21:00 . 2006-08-14 14:59 53248 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\RES\DLL\IJInstRU.dll
    + 2012-07-06 13:14 . 2006-08-14 14:59 53248 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\RES\DLL\IJInstRU.dll
    - 2012-01-14 21:00 . 2006-08-22 14:42 53248 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\RES\DLL\IJInstPT.dll
    + 2012-07-06 13:14 . 2006-08-22 14:42 53248 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\RES\DLL\IJInstPT.dll

    END COMBOFIX SECOND SECTION
    ==========================================
     
