matson

Thank You very Much "screen317"

Hi, Ccleaner came out "clean", nothing to worry about. I think the disk is showing some bad signs too, but it's a laptop from 2006 so we will use him for not so important things until he gives up completely...

here the result of the new test : My link I think there is a problem with the disk. it keep changing from DMA or ultra DMA to PIO mode. So, the computer frequently goes black screen and there is no noise coming from the disk. I have to force the reboot and manually revert to DMA mode. I also use resetdma.vbs to revert to DMA mode. I also saw in the result of the test that the size of the restore cluster did not changed despite the fact that I brought it to 3% according to your advice. I don't if it did not change of the test got it wrong...

So, after 3 days!!!! of defrag, it is finally done. (it is just finish). I have followed the recommendations of PCPit and reinstalled what needed to be. but the computer is always long to boot, and is still slow... If I understand the logs, there is no virus but is the bad fragmentation the explanation of the bad behavior?

First the website result of PCtest: http://pcpitstop.com/betapit/sec.asp?conid=24423015 it was a bit complicated to get it done... ESETscan log ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=c750e3add568ac478e8cb3df06a778c3 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-20 08:48:32 # local_time=2011-06-20 04:48:32 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=79471 # found=0 # cleaned=0 # scan_time=13130 Your securitycheck program log Results of screen317's Security Check version 0.99.14 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus ESET Online Scanner v3 Adobe After Effects CS3 Presets Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 25 Java 6 Update 6 Out of date Java installed! Adobe Flash Player 9 (Out of date Flash Player installed!) Flash Player Out of Date! Adobe Flash Player 10.2.153.1 Mozilla Firefox (3.6.17) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent AVAST Software Avast AvastSvc.exe AVAST Software Avast avastUI.exe ``````````End of Log````````````

Combofix log ComboFix 11-06-17.04 - Owner 06/18/2011 0:29.3.1 - x86 Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))) . . 2011-06-18 03:59 . 2011-06-18 03:59 -------- d-----w- c:\windows\LastGood 2011-06-06 04:52 . 2011-06-06 04:52 -------- d-sh--w- c:\documents and settings\Movie Watching\IETldCache 2011-06-02 16:30 . 2011-06-02 16:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-05-20 23:20 . 2011-05-20 23:23 -------- dc-h--w- c:\windows\ie8 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2011-04-05 04:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2011-04-05 04:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10 . 2011-05-13 01:11 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-05-13 01:11 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-05-13 01:11 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:03 . 2011-05-13 01:11 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2011-05-13 01:11 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 12:02 . 2011-05-13 01:11 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-05-10 12:02 . 2011-05-13 01:11 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-05-10 11:59 . 2011-05-13 01:11 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-05-13 01:11 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-05-10 11:59 . 2011-05-13 01:11 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-14 09:07 . 2010-09-07 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-14 06:40 . 2010-09-02 18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-05-13 . 8FCF3A8C83D93FA7BD01574DBD861786 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2011-06-08_02.54.26 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-14 23:16 . 2011-06-14 23:16 16384 c:\windows\Temp\Perflib_Perfdata_3dc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-02 344064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/12/2011 9:11 PM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2011 9:11 PM 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2011 9:11 PM 19544] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 2:06 PM 231424] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/22/2010 2:26 PM 30576] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3d9ghmci.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-18 00:43 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . C:\## aswSnx private storage . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters] @DACL=(02 0000) @SACL= "WinSock_Registry_Version"="2.0" "Current_NameSpace_Catalog"="NameSpace_Catalog5" "Current_Protocol_Catalog"="Protocol_Catalog9" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1076) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3504) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-06-18 00:50:34 ComboFix-quarantined-files.txt 2011-06-18 04:50 ComboFix2.txt 2011-06-08 03:01 . Pre-Run: 27,022,544,896 bytes free Post-Run: 27,010,875,392 bytes free . - - End Of File - - 0F8222C80932DF3BCC980FAAFD78164B DDS log . DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Owner at 0:54:34 on 2011-06-18 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{4B0E35A4-7C13-4DD1-A3ED-C32AEC4C37FA} : DhcpNameServer = 192.168.2.1 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\3d9ghmci.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF . ============= SERVICES / DRIVERS =============== . R? fsssvc;Windows Live Family Safety Service R? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? fssfltr;fssfltr S? HSFHWATI;HSFHWATI . =============== Created Last 30 ================ . 2011-06-08 02:34:20 98816 ----a-w- c:\windows\sed.exe 2011-06-08 02:34:20 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 02:34:20 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 02:34:20 208896 ----a-w- c:\windows\MBR.exe 2011-05-20 23:20:43 -------- dc-h--w- c:\windows\ie8 . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl . ============= FINISH: 1:01:46.34 ===============

Sorry for the bumps... MBAM log Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6859 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/14/2011 8:05:16 PM mbam-log-2011-06-14 (20-05-16).txt Scan type: Quick scan Objects scanned: 166647 Time elapsed: 29 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS log . DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Owner at 20:11:02 on 2011-06-14 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{4B0E35A4-7C13-4DD1-A3ED-C32AEC4C37FA} : DhcpNameServer = 192.168.2.1 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\3d9ghmci.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF . ============= SERVICES / DRIVERS =============== . R? fsssvc;Windows Live Family Safety Service R? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? fssfltr;fssfltr S? HSFHWATI;HSFHWATI . =============== Created Last 30 ================ . 2011-06-08 02:34:20 98816 ----a-w- c:\windows\sed.exe 2011-06-08 02:34:20 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 02:34:20 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 02:34:20 208896 ----a-w- c:\windows\MBR.exe 2011-05-20 23:20:43 -------- dc-h--w- c:\windows\ie8 . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl . ============= FINISH: 20:19:22.03 ===============

I manage myself to run GMEr the log is in attachment. I am not being helped anywhere else. If nobody can help me please let me know. The confusion on spybot forum came from the fact that two of my 4 machines got infected almost at the same time. I took drastic measures in the household to avoid such situation but the thing is posting another thread gave the impression that I am over "using" the precious time of volunteers. Rest assure guys, I am not using anybody and I'll not blame anybody if you don't want to help me. please can somebody help me? GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-13 01:43:36 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8025GAS rev.KA023H Running: y2movpbj.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\agedqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB9FC2202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBA028CB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB9FE66C1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB9FC481C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB9FC4874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB9FC498A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB9FE6075] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB9FC4772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB9FC48C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB9FC47C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB9FC4938] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB9FC2226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB9FE6D87] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB9FE703D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB9FC4C0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB9FE6BF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB9FE6A5D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBA028D62] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB9FC1FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB9FC224A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB9FC4D82] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB9FC2CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB9FC484C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB9FC489C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB9FC49B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB9FE63D1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB9FC479E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB9FC4A46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB9FC4904] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB9FC47F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB9FC4B2A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB9FC4962] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBA028DFA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB9FE68D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB9FC2BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB9FE672A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBA031E48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB9FE56E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB9FC226E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB9FC2292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB9FC204A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB9FC2186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB9FE6E8E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB9FC2162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB9FC21AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB9FC22B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA03E902] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 56, FE, B9] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL B9FC3335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP BA03A2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP BA03BD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP BA03E906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B9FC5CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B9FC5BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B9FC4F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B9FC5E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B9FC6040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B9FC5B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B9FC4FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B9FC51AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B9FC5352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B9FC4E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B9FC5C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B9FC5F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B9FC532A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B9FC4E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B9FC5D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B9FC506A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B9FC50DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B9FC5114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B9FC4DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B9FC4F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B9FC5034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B9FC546C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B9FC5EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[240] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\spoolsv.exe[804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\spoolsv.exe[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\spoolsv.exe[804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\spoolsv.exe[804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\spoolsv.exe[804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\spoolsv.exe[804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[872] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SpywareGuard\sgmain.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\SpywareGuard\sgmain.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SpywareGuard\sgmain.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\SpywareGuard\sgmain.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\SpywareGuard\sgmain.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\SpywareGuard\sgmain.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\SpywareGuard\sgmain.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\SpywareGuard\sgmain.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\SpywareGuard\sgmain.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\SpywareGuard\sgmain.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\csrss.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\winlogon.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\services.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\services.exe[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\services.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\services.exe[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\services.exe[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\lsass.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\lsass.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\lsass.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\lsass.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\lsass.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\Ati2evxx.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\Ati2evxx.exe[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006B1014 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006B0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006B0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006B0C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006B0E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006B01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006B03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006B0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006C0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006C0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006C01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006C03FC .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\SpywareGuard\sgbhp.exe[1528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\Ati2evxx.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\Ati2evxx.exe[1812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\Explorer.EXE[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\Explorer.EXE[2040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\Explorer.EXE[2040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC .text C:\WINDOWS\system32\HPZipm12.exe[2184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\HPZipm12.exe[2184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[2184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\HPZipm12.exe[2184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\HPZipm12.exe[2184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\HPZipm12.exe[2184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\HPZipm12.exe[2184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\HPZipm12.exe[2184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\HPZipm12.exe[2184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\HPZipm12.exe[2184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[2272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[2272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\alg.exe[3092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\alg.exe[3092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\alg.exe[3092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\alg.exe[3092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA0804 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AA0A08 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0600 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AA01F8 .text C:\Documents and Settings\Owner\Desktop\y2movpbj.exe[3464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AA03FC .text C:\WINDOWS\system32\sol.exe[3532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\sol.exe[3532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\sol.exe[3532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\sol.exe[3532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\sol.exe[3532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\sol.exe[3532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\sol.exe[3532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\sol.exe[3532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\sol.exe[3532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\sol.exe[3532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ---- 1.log

somebody please help me

can you please help me?

I tried to have help elsewhere but nobody replied beside you. My thread have been closed on another forum. So the answer is I am not being helped at other site.

MBAM log Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6804 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/7/2011 10:08:29 PM mbam-log-2011-06-07 (22-08-29).txt Scan type: Quick scan Objects scanned: 165735 Time elapsed: 29 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) combofix.txt ComboFix 11-06-06.07 - Owner 06/07/2011 22:40:37.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.430 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 ))))))))))))))))))))))))))))))) . . 2011-06-06 04:52 . 2011-06-06 04:52 -------- d-sh--w- c:\documents and settings\Movie Watching\IETldCache 2011-06-02 16:30 . 2011-06-02 16:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-05-20 23:20 . 2011-05-20 23:23 -------- dc-h--w- c:\windows\ie8 2011-05-13 01:11 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-13 01:11 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-13 01:11 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-13 01:11 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-13 01:11 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-13 01:11 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-05-13 01:11 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-05-13 01:11 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-05-13 01:11 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr 2011-05-13 01:11 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-13 01:10 . 2011-05-13 01:10 -------- d-----w- c:\program files\AVAST Software 2011-05-13 01:10 . 2011-05-13 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2011-05-12 23:11 . 2011-05-13 01:13 -------- d-----w- c:\program files\SpywareGuard 2011-05-12 23:09 . 2011-05-12 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP 2011-05-12 23:08 . 2011-05-12 23:11 -------- d-----w- c:\program files\SpywareBlaster 2011-05-12 20:29 . 2011-05-12 20:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth 2011-05-10 01:05 . 2011-05-28 20:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-05-10 01:05 . 2011-05-13 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2011-04-05 04:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2011-04-05 04:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-14 09:07 . 2010-09-07 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-14 06:40 . 2010-09-02 18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-05-13 . 8FCF3A8C83D93FA7BD01574DBD861786 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-02 344064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\Owner\Start Menu\Programs\Startup\ SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/12/2011 9:11 PM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2011 9:11 PM 307928] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2011 9:11 PM 19544] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 2:06 PM 231424] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/22/2010 2:26 PM 30576] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3d9ghmci.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-07 22:53 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . C:\## aswSnx private storage . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters] @DACL=(02 0000) @SACL= "WinSock_Registry_Version"="2.0" "Current_NameSpace_Catalog"="NameSpace_Catalog5" "Current_Protocol_Catalog"="Protocol_Catalog9" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1068) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2980) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-06-07 23:01:32 ComboFix-quarantined-files.txt 2011-06-08 03:01 . Pre-Run: 24,934,178,816 bytes free Post-Run: 24,965,275,648 bytes free . - - End Of File - - 6E569BCA0E756E172587600FA84571CD DDS log . DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Owner at 22:10:48 on 2011-06-07 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{4B0E35A4-7C13-4DD1-A3ED-C32AEC4C37FA} : DhcpNameServer = 192.168.2.1 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\3d9ghmci.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF . ============= SERVICES / DRIVERS =============== . R? fsssvc;Windows Live Family Safety Service R? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? fssfltr;fssfltr S? HSFHWATI;HSFHWATI . =============== Created Last 30 ================ . 2011-05-20 23:20:43 -------- dc-h--w- c:\windows\ie8 2011-05-13 01:11:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-13 01:11:04 40112 ----a-w- c:\windows\avastSS.scr 2011-05-13 01:10:30 -------- d-----w- c:\program files\AVAST Software 2011-05-13 01:10:30 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2011-05-12 23:11:49 -------- d-----w- c:\program files\SpywareGuard 2011-05-12 23:08:40 -------- d-----w- c:\program files\SpywareBlaster 2011-05-12 20:29:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth 2011-05-12 08:57:24 -------- d-sha-r- C:\cmdcons 2011-05-10 01:05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-05-10 01:05:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl . ============= FINISH: 22:18:57.68 ===============

Computer stocked on start. tried safe mode and was able to run roguekiller and malwarebyte. after their scan, they delete some stuff but the computer is still very slow and bizarre.I can't save the logs of DDS on the computer so I'll directly post them in the thread. GMER can't start because of this error :Loaddriver("C:\DOCUME~1\OWNER\LOCALS~1\Temp\agedqpow.sys")error 0xC0000061: The handle is invalid DDS log DDS log . DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Owner at 7:12:35 on 2011-06-06 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java

Computer stocked on start. tried safe mode and was able to run roguekiller and malwarebyte. after their scan, they delete some stuff but the computer is still very slow and bizarre.I can't save the logs of DDS on the computer so I'll directly post them in the thread. GMER can't start because of this error :Loaddriver("C:\DOCUME~1\OWNER\LOCALS~1\Temp\agedqpow.sys")error 0xC0000061: The handle is invalid DDS log DDS log . DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Owner at 7:12:35 on 2011-06-06 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{4B0E35A4-7C13-4DD1-A3ED-C32AEC4C37FA} : DhcpNameServer = 192.168.2.1 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\3d9ghmci.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: AutoPager: - %profile%\extensions\autopager@mozilla.org FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: - c:\program files\avast software\avast\webrep\FF . ============= SERVICES / DRIVERS =============== . R? fsssvc;Windows Live Family Safety Service R? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? fssfltr;fssfltr S? HSFHWATI;HSFHWATI . =============== Created Last 30 ================ . 2011-05-20 23:20:43 -------- dc-h--w- c:\windows\ie8 2011-05-13 01:11:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-13 01:11:04 40112 ----a-w- c:\windows\avastSS.scr 2011-05-13 01:10:30 -------- d-----w- c:\program files\AVAST Software 2011-05-13 01:10:30 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2011-05-12 23:11:49 -------- d-----w- c:\program files\SpywareGuard 2011-05-12 23:08:40 -------- d-----w- c:\program files\SpywareBlaster 2011-05-12 20:29:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth 2011-05-12 08:57:24 -------- d-sha-r- C:\cmdcons 2011-05-10 01:05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-05-10 01:05:40 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy . ==================== Find3M ==================== . 2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl . ============= FINISH: 7:17:29.01 =============== MBAM log Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6803 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/7/2011 4:53:39 PM mbam-log-2011-06-07 (16-53-39).txt Scan type: Quick scan Objects scanned: 165559 Time elapsed: 27 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.txt log Attach log . ==== Installed Programs ====================== . . Add or Remove Adobe Creative Suite 3 Master Collection Adobe After Effects CS3 Presets Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Creative Suite 3 Master Collection Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 8.2.6 Adobe Setup Adobe SING CS3 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 AHV content for Acrobat and Flash AiO_Scan_CDA AiOSoftwareNPI ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Audacity 1.2.6 Audacity 1.3.12 (Unicode) avast! Free Antivirus BufferChm C4100 c4100_Help Conexant AC-Link Audio CP_CalendarTemplates1 cp_OnlineProjectsConfig CP_Package_Basic1 CP_Panorama1Config cp_PosterPrintConfig CueTour Destinations DeviceManagementQFolder DivX Setup DocProc DocProcQFolder DocumentViewer DocumentViewerQFolder eSupportQFolder Fax_CDA Free MP3 Recorder 1.0 FullDPAppQFolder Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP Document Viewer 7.0 HP Imaging Device Functions 7.0 HP Photosmart and Deskjet 7.0.A HP Photosmart Premier Software 6.5 HP Product Detection HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant InstantShareDevices InstantShareDevicesMFC Java Auto Updater Java 6 Update 25 Java 6 Update 6 Junk Mail filter update LAME v3.98.3 for Audacity Malwarebytes' Anti-Malware version 1.51.0.1200 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox (3.6.17) MSN MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetWaiting NewCopy_CDA OCR Software by I.R.I.S 7.0 OpenOffice.org 3.2 PanoStandAlone PDF Settings PhotoGallery ProductContextNPI RandMap Readme Realtek AC'97 Audio Revo Uninstaller 1.83 Scan ScannerCopy Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2466156) Security Update for 2007 Microsoft Office System (KB2509488) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2464583) Security Update for Microsoft Office Groove 2007 (KB2494047) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Segoe UI SkinsHP1 SlideShow Soft Data Fax Modem with SmartCP SolutionCenter Sonic_PrimoSDK Spybot - Search & Destroy SpywareBlaster 4.4 SpywareGuard v2.2 Status Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI Toolbox TrayApp Unload Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2509470) Update for Outlook 2007 Junk Email Filter (KB2536413) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.4053 VLC media player 1.1.7 WebFldrs XP WebReg Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 WinRAR archiver . ==== End Of File ===========================

Thank You !!!!