I have a virus playing the radio through my speakers and Its blocking Warcraft

Inactive
By TotalyBuggered
May 2, 2011
Topic Status:
Not open for further replies.
  1. I so the thread about HIJACKTHIS and I have a redirect virus and a radio playing BLOG TALK RADIO randomly thru my speakers I ve done everything I can to get rid of it i ran HIJAKTHIS and it said to post the log so here it is

    [HJT log removed - Broni]
  2. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard [​IMG]

    We don't use HJT around here anymore.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Thanks

    OK ill try all that tomorrow and see what happens im willing to try anytthing!!!
  4. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    OK....................
  5. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Reopened...
  6. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Posting the Logs

    IT says the logs are too long to paste
    so what do i do?
  7. Broni

    Broni Malware Annihilator Posts: 46,179   +251

  8. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Gmer log 1

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-11 09:33:23
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port3Path0Target0Lun0 WDC_WD32 rev.12.0
    Running: mb46ucb5[1].exe; Driver: C:\DOCUME~1\Tracy\LOCALS~1\Temp\pwlcapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC3D8202]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC43EC48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC3FC6A1]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC3DA7F0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC3DA848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC3DA95E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC3FC055]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC3DA746]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC3DA898]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC3DA79A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC3DA90C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC3D8226]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC3FCD67]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC3FD01D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC3DABE2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC3FCBD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC3FCA3D]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC43ECF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC3D7FF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC3D824A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC3DAD56]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC3D8CDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC3DA820]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC3DA870]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC3DA988]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC3FC3B1]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC3DA772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC3DAA1A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC3DA8D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC3DA7C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC3DAAFE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC3DA936]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC43ED90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC3FC8B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC3D8BA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC3FC70A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC447CAE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC3FB6C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC3D826E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC3D8292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC3D804A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC3D8186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC3FCE6E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC3D8162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC3D81AA]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAFFD7620]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC3D82B6]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB91CD380, 0x344E37, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF809922 4 Bytes JMP AC3DBCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813911 4 Bytes JMP AC3DBBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 783B BF824157 4 Bytes JMP AC3DAF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828CE9 4 Bytes JMP AC3DBE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 4 Bytes JMP AC3DC014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP AC3DBB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 5F35 BF857E69 4 Bytes JMP AC3DAFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 4 Bytes JMP AC3DB180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP AC3DB326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 4 Bytes JMP AC3DAE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 4 Bytes JMP AC3DBBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 4 Bytes JMP AC3DBF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 4 Bytes JMP AC3DB2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP AC3DAE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 4 Bytes JMP AC3DBD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP AC3DB03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CB4AA 1 Byte [E9]
    .text win32k.sys!EngFillPath + 1517 BF8CB4AA 4 Bytes JMP AC3DB0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP AC3DB0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 4 Bytes JMP AC3DAD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP AC3DAEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2586 BF914AF3 4 Bytes JMP AC3DB008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP AC3DB440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP AC3DBECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text ntdll.dll!LdrLoadDll 7C91632D 5 Bytes [E9, C6, 9E, 84, 83] {JMP 0xffffffff83849ecb}
    .text ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes [E9, 2A, 92, 84, 83] {JMP 0xffffffff8384922f}
  9. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Gmer log 2

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\spoolsv.exe[280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\fxssvc.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\fxssvc.exe[528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\fxssvc.exe[528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\fxssvc.exe[528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\fxssvc.exe[528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\fxssvc.exe[528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\fxssvc.exe[528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\fxssvc.exe[528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\fxssvc.exe[528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\fxssvc.exe[528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[688] USER32.dll!UnhookWinEvent
  10. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Gmer log 3

    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00360804
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00360A08
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00360600
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003601F8
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003603FC
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
    .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[1816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
    .text C:\WINDOWS\System32\bcmwltry.exe[1832] USER32.dll!UnhookWinEvent
  11. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Gmer log 4

    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
    .text C:\WINDOWS\system32\SearchIndexer.exe[2108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00420804
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00420A08
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00420600
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004201F8
    .text C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe[2276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004203FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 017E000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2524] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe[2656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\System32\alg.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\wuauclt.exe[3172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wuauclt.exe[3172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wuauclt.exe[3172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\wuauclt.exe[3172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\wuauclt.exe[3172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\wuauclt.exe[3172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\wuauclt.exe[3172] USER32.dll!UnhookWinEvent
     
  12. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Gmer log 5

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[3300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[3300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[3300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\Explorer.EXE[3300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\Explorer.EXE[3300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
    .text C:\WINDOWS\Explorer.EXE[3300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
    .text C:\WINDOWS\Explorer.EXE[3300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
    .text C:\WINDOWS\Explorer.EXE[3300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
    .text C:\WINDOWS\Explorer.EXE[3300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
    .text C:\WINDOWS\Explorer.EXE[3300] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00CD164F
    .text C:\WINDOWS\Explorer.EXE[3300] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00CD1817
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text C:\Program Files\Microsoft Security Client\msseces.exe[3452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0194000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0191000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 0190000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ws2_32.dll!send 71AB4C27 5 Bytes JMP 0192000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0193000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3480] ws2_32.dll!recv 71AB676F 5 Bytes JMP 018A000A
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
    .text C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe[3800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1000] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00660002
    IAT C:\WINDOWS\system32\services.exe[1000] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00660000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2524] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:132] 8ADB7E84
    Thread System [4:136] 8ADBA084

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\EXXNK72E\background_gradient[1] 453 bytes

    ---- EOF - GMER 1.0.15 ----
  13. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/2/2008 4:43:58 PM
    System Uptime: 5/10/2011 10:35:53 PM (11 hours ago)
    .
    Motherboard: Dell Inc | | 0PP150
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 295 GiB total, 219.532 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart Plus B209a-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Plus B209a-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP737: 4/4/2011 2:28:01 AM - System Checkpoint
    RP738: 4/6/2011 9:41:45 PM - Restore Operation
    RP739: 4/6/2011 9:45:23 PM - Restore Operation
    RP740: 4/6/2011 9:53:44 PM - Restore Operation
    RP741: 4/6/2011 9:54:18 PM - Restore Operation
    RP742: 4/8/2011 7:27:48 PM - Restore Operation
    RP743: 4/8/2011 11:36:41 PM - avast! Free Antivirus Setup
    RP744: 4/9/2011 9:47:14 PM - Installed Java(TM) 6 Update 24
    RP745: 4/10/2011 10:15:29 PM - System Checkpoint
    RP746: 4/11/2011 9:16:07 PM - Removed J2SE Runtime Environment 5.0 Update 6
    RP747: 4/11/2011 9:16:36 PM - Removed Java(TM) 6 Update 17
    RP748: 4/11/2011 9:17:23 PM - Removed Java(TM) 6 Update 6
    RP749: 4/11/2011 11:28:56 PM - Installed Windows Defender
    RP750: 4/11/2011 11:30:25 PM - Software Distribution Service 3.0
    RP751: 4/12/2011 12:37:16 AM - Restore Operation
    RP752: 4/15/2011 9:31:58 AM - Software Distribution Service 3.0
    RP753: 4/15/2011 6:47:51 PM - Software Distribution Service 3.0
    RP754: 4/16/2011 3:00:26 AM - Software Distribution Service 3.0
    RP755: 4/17/2011 3:53:30 AM - System Checkpoint
    RP756: 4/18/2011 1:01:06 AM - Installed Command & Conquer Generals
    RP757: 4/19/2011 9:49:42 PM - Software Distribution Service 3.0
    RP758: 4/21/2011 8:19:52 PM - Removed MSN Toolbar
    RP759: 4/21/2011 10:12:05 PM - Software Distribution Service 3.0
    RP760: 4/21/2011 11:55:39 PM - Software Distribution Service 3.0
    RP761: 4/21/2011 11:59:11 PM - Software Distribution Service 3.0
    RP762: 4/22/2011 12:21:09 AM - Installed Windows Internet Explorer 8.
    RP763: 4/22/2011 12:21:41 AM - Software Distribution Service 3.0
    RP764: 4/22/2011 12:29:15 AM - Software Distribution Service 3.0
    RP765: 4/23/2011 11:01:34 AM - Software Distribution Service 3.0
    RP766: 4/24/2011 11:51:44 AM - System Checkpoint
    RP767: 4/25/2011 8:04:33 PM - System Checkpoint
    RP768: 4/26/2011 8:53:08 PM - System Checkpoint
    RP769: 4/26/2011 11:41:28 PM - Software Distribution Service 3.0
    RP770: 4/26/2011 11:43:35 PM - Software Distribution Service 3.0
    RP771: 4/26/2011 11:57:26 PM - Software Distribution Service 3.0
    RP772: 4/27/2011 9:28:49 PM - Software Distribution Service 3.0
    RP773: 4/29/2011 3:00:28 PM - Software Distribution Service 3.0
    RP774: 5/1/2011 12:50:21 AM - Software Distribution Service 3.0
    RP775: 5/2/2011 7:04:44 PM - Software Distribution Service 3.0
    RP776: 5/7/2011 2:24:07 PM - System Checkpoint
    RP777: 5/8/2011 11:57:03 PM - Software Distribution Service 3.0
    RP778: 5/10/2011 10:46:54 PM - Software Distribution Service 3.0
    RP779: 5/11/2011 3:00:18 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4 Warn Alert
    Acrobat.com
    Ad-Aware
    Adobe Acrobat 6.0.1 Standard
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    AiO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATT-AACE
    avast! Free Antivirus
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS Video Recorder 2.4
    AVS4YOU Software Navigator 1.3
    B209a-m
    BufferChm
    Command & Conquer Generals
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Curse Client
    Dell DataSafe Online
    Dell System Restore
    Destinations
    DeviceDiscovery
    DivX Plus Web Player
    Documentation & Support Launcher
    Download Manager 2.3.10
    Enterprise
    Games, Music, & Photos Launcher
    Google Chrome
    Google Earth
    Google Update Helper
    GPBaseService2
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Officejet 5600 series
    HP Photo Creations
    HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
    HP Print Diagnostic Utility
    HP PSC & OfficeJet 5.3.B
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPProductAssistant
    HPSSupply
    IKEA Home Planner
    ImageMixer VCD2
    Internet Service Offers Launcher
    iTunes
    Java Auto Updater
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Theme Nunavut
    Microsoft Works
    MSVCRT
    MSXML 6.0 Parser (KB933579)
    Musicmatch for Windows Media Player
    Network
    NVIDIA Drivers
    NVIDIA Performance
    NVIDIA System Monitor
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Photo Story 3 for Windows
    Picture Package
    PowerDVD
    PS_AIO_06_B209a-m_SW_Min
    QFolder
    QuickTransfer
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shop for HP Supplies
    Smart Menus (Windows Live Toolbar)
    SmartWebPrinting
    SolutionCenter
    Sony USB Driver
    Spybot - Search & Destroy
    StarCraft
    Status
    SUPERAntiSpyware
    Toolbox
    TopOCR 3.1
    Transport Tycoon Deluxe
    TrayApp
    Tropico
    Tropico Reloaded
    TTDPatch 2.5 beta 9
    U.S. Robotics Wireless MAXg Adapter
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    VideoLAN VLC media player 0.8.6d
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Westwood Shared Internet Components
    Windows Defender
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    World of Warcraft
    X-Com Terror From the Deep
    Xvid 1.2.2 final uninstall
    Yahoo! Internet Mail
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/8/2011 11:55:06 PM, error: nvgts [9] - The device, \Device\Scsi\nvgts1, did not respond within the timeout period.
    5/8/2011 11:52:24 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    5/7/2011 5:53:47 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/7/2011 3:53:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/7/2011 2:53:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/7/2011 2:23:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/7/2011 2:18:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.879.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    5/7/2011 11:10:57 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    5/7/2011 11:10:57 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/7/2011 11:10:46 AM, error: Service Control Manager [7034] - The Performance Service service terminated unexpectedly. It has done this 1 time(s).
    5/7/2011 11:10:46 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    5/7/2011 11:10:46 AM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    5/7/2011 11:10:46 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    5/7/2011 11:10:46 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/7/2011 11:08:33 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================
  14. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Dds log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Tracy at 9:30:53.14 on Wed 05/11/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.1745 [GMT -5:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost -k DcomLaunch
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Tracy\Local Settings\Temporary Internet Files\Content.IE5\UGEEAS27\mb46ucb5[1].exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Tracy\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ebay.com/
    uSearch Page =
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080501
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar =
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209769999067
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Filter: text/html - {d9615e12-6fcb-45a4-a019-9cf821228ab2} -
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-30 64512]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-8 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-8 307288]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKslbd238556;MpKslbd238556;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3b2d322f-13f6-4d98-bf48-4f88f701c641}\MpKslbd238556.sys [2011-5-10 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-8 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-8 42184]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-22 54752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 2146496]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-9-14 2944]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [2008-9-14 12160]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [2008-9-14 3968]
    S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-9-14 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2008-9-14 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-9-14 10368]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
    S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2011-3-16 1245064]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
    .
    =============== Created Last 30 ================
    .
    2011-05-11 05:41:35 -------- d-----w- c:\docume~1\tracy\applic~1\Windows Search
    2011-05-11 03:47:06 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{3b2d322f-13f6-4d98-bf48-4f88f701c641}\MpKslbd238556.sys
    2011-05-11 03:46:56 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{3b2d322f-13f6-4d98-bf48-4f88f701c641}\mpengine.dll
    2011-04-27 05:01:31 -------- d-----w- c:\windows\system32\winrm
    2011-04-27 05:01:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-04-27 04:58:50 -------- d-----w- c:\docume~1\tracy\locals~1\applic~1\Identities
    2011-04-27 04:58:49 -------- d-----w- c:\docume~1\tracy\applic~1\Windows Desktop Search
    2011-04-27 04:58:22 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-04-27 04:58:22 -------- d-----w- c:\program files\Windows Desktop Search
    2011-04-27 04:57:41 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2011-04-27 04:57:41 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2011-04-27 04:57:41 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2011-04-23 16:01:42 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-04-22 05:20:33 -------- dc-h--w- c:\windows\ie8
    2011-04-22 04:57:19 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-20 02:49:49 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{36eca13d-03aa-4453-8756-604244775056}\mpengine.dll
    2011-04-18 06:02:09 -------- d-----w- c:\program files\EA Games
    2011-04-15 14:32:15 -------- d--h--w- c:\windows\$hf_mig$
    2011-04-14 08:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-04-13 05:42:35 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
    2011-04-12 04:30:37 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-04-12 04:30:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ==================== Find3M ====================
    .
    2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-04-08 23:44:58 9920304 ----a-w- C:\mseinstall.exe
    2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
    .
    ============= FINISH: 9:32:14.85 ===============
  15. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    Mbam log 5-11-11

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6555

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/11/2011 9:27:48 AM
    mbam-log-2011-05-11 (09-27-48).txt

    Scan type: Quick scan
    Objects scanned: 184372
    Time elapsed: 4 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  16. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    OK..

    hope that was all ok... i have no idea what all that is but im sure you do :)

    thank you in advance

    tracy
  17. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    You're running three AV programs, Avast, Microsoft Security Essentials and Lavasoft Ad-Watch Live! Anti-Virus.
    TWO of them have to go.
    Let me know, which one is to stay and uninstall two others.

    When done....

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  18. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    OK..

    I just uninstalled AVAST and AD aware
  19. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Cool :)
    Go on....
  20. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    ok

    when i click on bookit it gives me an error first on a pop up that says

    ATA_PASS_THRU_DIRECT is not supported by your disk controller
    SCSI_PASS_THRU_DIRECT will be used for disk I/O


    then the log says
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: d151c79dcec0bf1ec983bea63558a0ef

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
  21. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    That's all I needed.
    Go on...
  22. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    YAY!!

    I cannot thank you enough.. for the first time in a month warcraft will work the virus was doing something and it kept telling me it could not access my memory

    you are a genius and very kind for doing that

    i didint know what else i was going to do

    thank you!!!!
    tracy

    PS my GF from work has the exact same virus now i can help her


    thank you Broni !!! :approve:
  23. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    paypal...

    i just noticed your paypal link and sent you a little cash,........ :)
  24. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    I'm very happy to see you and your computer being happy :)

    But...I still need to see that Combofix log.

    P. S. Thank you for your donation :)
  25. TotalyBuggered

    TotalyBuggered Newcomer, in training Topic Starter Posts: 22

    combofix

    it froze up and never gave me one
    should I do it again?
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.