Full Version: IE homepage taken over
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
jhtham
My IE7 homepage is set to about:blank, but it constantly loads 'http://www.qq5.com/' on startup.

I've scanned my PC using avast antivirus during boot-up; it shows no infections.

HijackThis log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:58 PM, on 27/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Free Download Manager\fdm.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ucd.ie:8484
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: (no name) - {053F9267-DC04-4294-A72C-58F732D338C0} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "E:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - E:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://E:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239145459968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239145448609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} (AppCaller Control) - http://www.bombndash.com/common/AppCaller.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{028D2654-F787-43B1-B6BB-85DEEF136108}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{849E3F7A-920B-4801-B7C3-DD485E8252FF}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{028D2654-F787-43B1-B6BB-85DEEF136108}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{028D2654-F787-43B1-B6BB-85DEEF136108}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13910 bytes
Blade81
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab and then Scan.
    • Don't check the "Show All" box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.

jhtham
DDS.txt


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by joonhi at 9:47:12.89 on 28/07/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.3326.2473 [GMT 8:00]

    AV: avast! antivirus 4.8.1335 [VPS 090727-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    E:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Razer\Diamondback 3G\razerhid.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Razer\Diamondback 3G\razerofa.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    E:\Program Files\Free Download Manager\fdm.exe
    E:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\joonhi\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyServer = proxy.ucd.ie:8484
    uInternet Settings,ProxyOverride = local;*.local
    BHO: {053F9267-DC04-4294-A72C-58F732D338C0} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - e:\program files\free download manager\iefdm2.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - e:\program files\flashget\getflash.dll
    TB: Alcohol Toolbar: {4c4e7cdb-5bfc-4d74-83e2-8ae659b7eda2} -
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Free Download Manager] "e:\program files\free download manager\fdm.exe" -autorun
    uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [Profiler] c:\program files\saitek\software\Profiler.exe
    mRun: [SaiMfd] c:\program files\saitek\software\SaiMfd.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: &Download All with FlashGet - e:\progra~1\flashget\jc_all.htm
    IE: &Download with FlashGet - e:\progra~1\flashget\jc_link.htm
    IE: Download all with Free Download Manager - file://e:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://e:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://e:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://e:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239145459968
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239145448609
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} - hxxp://www.bombndash.com/common/AppCaller.ocx
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: {028D2654-F787-43B1-B6BB-85DEEF136108} = 208.67.222.222,208.67.220.220
    TCP: {849E3F7A-920B-4801-B7C3-DD485E8252FF} = 202.188.0.133,202.188.1.5
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-27 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-4 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-4 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-19 138680]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-11-4 6016]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-19 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-19 352920]
    R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-5-5 13225]
    S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\ef.tmp --> c:\windows\system32\EF.tmp [?]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\NPF.sys [?]
    S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-22 36928]
    S3 SaiHFF0D;SaiHFF0D;c:\windows\system32\drivers\SaiHFF0D.sys [2007-6-7 176000]
    S3 SaiUFF0D;SaiUFF0D;c:\windows\system32\drivers\SaiUFF0D.sys [2007-6-7 27136]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2007-4-26 25088]
    S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]

    =============== Created Last 30 ================

    2009-07-27 15:52 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-07-27 13:23 <DIR> --d----- c:\program files\Trend Micro
    2009-07-21 14:05 <DIR> --d----- c:\program files\common files\Macromedia Shared
    2009-07-21 12:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
    2009-07-20 19:44 <DIR> --d----- c:\program files\common files\Macromedia
    2009-07-19 17:50 <DIR> --d----- c:\docume~1\joonhi\applic~1\Beanbag Studios
    2009-07-19 09:22 <DIR> --d----- c:\program files\common files\baidu
    2009-07-04 20:40 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE

    ==================== Find3M ====================


    ============= FINISH: 9:48:12.81 ===============
    jhtham
    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 06/06/2007 6:32:58 PM
    System Uptime: 28/07/2009 8:23:54 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
    Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 39 GiB total, 5.202 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 34 GiB total, 9.743 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET00
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET00
    Service: hamachi

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Jh
    Device ID: ROOT\WPD00
    Manufacturer: Nokia
    Name: Jh
    PNP Device ID: ROOT\WPD00
    Service: WUDFRd

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 7510a
    Device ID: ROOT\WPD01
    Manufacturer: Nokia
    Name: Nokia 7510a
    PNP Device ID: ROOT\WPD01
    Service: WUDFRd

    ==== System Restore Points ===================

    RP887: 21/07/2009 9:34:38 AM - Removed Java™ 6 Update 14
    RP888: 21/07/2009 9:35:36 AM - Installed Java™ 6 Update 14
    RP889: 21/07/2009 9:44:30 AM - Installed Java™ 6 Update 14
    RP890: 21/07/2009 9:45:00 AM - Installed Java™ 6 Update 14
    RP891: 21/07/2009 9:49:16 AM - Installed Java™ 6 Update 14
    RP892: 21/07/2009 9:50:09 AM - Installed Java™ 6 Update 14
    RP893: 21/07/2009 12:35:46 PM - Installed Farm Frenzy - Pizza Party!
    RP894: 21/07/2009 2:03:43 PM - Installed Dreamweaver MX 2004
    RP895: 24/07/2009 10:56:14 AM - System Checkpoint
    RP896: 25/07/2009 11:53:38 AM - System Checkpoint
    RP897: 26/07/2009 6:28:48 PM - System Checkpoint
    RP898: 27/07/2009 1:37:39 PM - Automatic Restore Point

    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========


    ==== End Of File ===========================
    jhtham
    GMER scan taking much longer than expected. Will post when it is done.

    EDIT: it's up now. Sorry about the weird line breaks; it just happened when I pasted it. The GMER scan terminated with a "Rootkit modifications detected" (or something along these lines).

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-28 11:33:49
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF0F716B8] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF0F71574] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF0F71A52] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF0F7114C] <-- ROOTKIT !!!
    SSDT spuc.sys ZwEnumerateKey [0xF5BBECA2] <-- ROOTKIT !!!
    SSDT spuc.sys ZwEnumerateValueKey [0xF5BBF030] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF0F7164E] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF0F7108C] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF0F710F0] <-- ROOTKIT !!!
    SSDT spuc.sys ZwQueryKey [0xF5BBF108] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF0F7176E] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF0F7172E] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF0F718AE] <-- ROOTKIT !!!

    INT 0x62 ? FCC5BD64
    INT 0x63 ? FC8472AC
    INT 0x73 ? FC9AEE54
    INT 0x74 ? FCAE3974
    INT 0x82 ? FCC59E54
    INT 0x83 ? FCC62D54
    INT 0x84 ? FC99752C
    INT 0x93 ? FC8EF5FC
    INT 0x94 ? FC976E54
    INT 0xA3 ? FCA95E54
    INT 0xA4 ? FC9F18DC
    INT 0xB1 ? FCD06E54
    INT 0xB4 ? FCAF276C

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spuc.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F4BFE62C 5 Bytes JMP FCC861D8
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F4AEE4D0 48 Bytes [FC, 38, AF, B9, 7E, F5, EB, ...]
    ? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
    .text al07kawl.SYS F4AB6386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text al07kawl.SYS F4AB63AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text al07kawl.SYS F4AB63C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text al07kawl.SYS F4AB63C9 1 Byte [2E]
    .text al07kawl.SYS F4AB63C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
    .text ...
    ? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] KERNEL32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] KERNEL32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[276] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F200F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F1A0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F1D0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F230F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [18, 5F]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[436] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[512] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\stsystra.exe[516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\stsystra.exe[516] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\stsystra.exe[516] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[516] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\QuickSet\quickset.exe[544] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Saitek\Software\Profiler.exe[560] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Saitek\Software\SaiMfd.exe[628] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\Ati2evxx.exe[808] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\ctfmon.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[1136] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[1392] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[1464] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\rundll32.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\rundll32.exe[2080] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[2392] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2416] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\joonhi\Desktop\vfnhodbh.exe[2696] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2804] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2868] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\wscntfy.exe[2976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\wscntfy.exe[2976] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\wscntfy.exe[2976] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3088] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[3160] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] KERNEL32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] KERNEL32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3184] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text E:\Program Files\Java\jre6\bin\jusched.exe[3252] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3280] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3292] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text E:\Program Files\Free Download Manager\fdm.exe[3320] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3332] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text E:\Program Files\DAEMON Tools Lite\daemon.exe[3348] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3464] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\alg.exe[3580] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!EndPage 77F2DDB1 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!EndDoc 77F2E041 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!StartPage 77F2F116 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!AbortDoc 77F43EFF 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!StartDocW 77F44B8F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!StartDocW + 4 77F44B93 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!StartDocA 77F450A9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3808] GDI32.dll!StartDocA + 4 77F450AD 2 Bytes [0E, 5F] {PUSH CS; POP EDI}

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F5BA1040] spuc.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F5BA113C] spuc.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F5BA10BE] spuc.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F5BA17FC] spuc.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F5BA16D2] spuc.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F5BB1048] spuc.sys
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!KeGetCurrentIrql] CB033043
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!KfRaiseIrql] 0673C13B
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!KfLowerIrql] C13B0003
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!READ_PORT_USHORT] 83660000
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
    IAT \SystemRoot\System32\Drivers\al07kawl.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[912] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs FCC851F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Fastfat \FatCdrom FA42E1F8

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-0 FCA3E1F8
    Device \Driver\usbuhci \Device\USBPDO-1 FCA3E1F8
    Device \Driver\usbuhci \Device\USBPDO-2 FCA3E1F8
    Device \Driver\usbuhci \Device\USBPDO-3 FCA3E1F8
    Device \Driver\usbehci \Device\USBPDO-4 FCA111F8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{028D2654-F787-43B1-B6BB-85DEEF136108} FC926500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 FCC871F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 FCC871F8
    Device \Driver\Cdrom \Device\CdRom0 FC9B81F8
    Device \Driver\sptd \Device\3002608012 spuc.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume3 FCC871F8
    Device \Driver\Cdrom \Device\CdRom1 FC9B81F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 FCCF61F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort0 FCCF61F8
    Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 FCCF61F8
    Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e FCCF61F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\PCI_PNP9262 \Device000066 spuc.sys
    Device \Driver\PCI_PNP9262 \Device000067 spuc.sys
    Device \Driver\NetBT \Device\NetBT_Tcpip_{849E3F7A-920B-4801-B7C3-DD485E8252FF} FC926500
    Device \Driver\NetBT \Device\NetBt_Wins_Export FC926500
    Device \Driver\NetBT \Device\NetbiosSmb FC926500

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBFDO-0 FCA3E1F8
    Device \Driver\usbuhci \Device\USBFDO-1 FCA3E1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FC983500
    Device \Driver\usbuhci \Device\USBFDO-2 FCA3E1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector FC983500
    Device \Driver\usbuhci \Device\USBFDO-3 FCA3E1F8
    Device \Driver\usbehci \Device\USBFDO-4 FCA111F8
    Device \Driver\Ftdisk \Device\FtControl FCC871F8
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 FC9F2500
    Device \Driver\al07kawl \Device\Scsi\al07kawl1Port2Path0Target0Lun0 FC8C5500
    Device \Driver\al07kawl \Device\Scsi\al07kawl1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\al07kawl \Device\Scsi\al07kawl1 FC8C5500
    Device \Driver\al07kawl \Device\Scsi\al07kawl1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\Fastfat \Fat FA42E1F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Cdfs \Cdfs FC803500

    ---- Services - GMER 1.0.15 ----

    Service system32\drivers\UACbtkxnyqk.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys1060a53fe6
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys1060a53fe6@001e3a3ef264 0x59 0x71 0xF0 0x62 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys1060a53fe6@00247c0e1a06 0x8B 0xC1 0xCC 0x4E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x3D 0xC7 0x75 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@ujdew 0x9A 0xA7 0xBA 0xE9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\jdgg40@ujdew 0xCB 0xCF 0xB7 0xD1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xD5 0x15 0x9B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x26 0xC2 0x57 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x24 0x60 0x39 0x10 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41@khjeh 0xFC 0x1C 0x6F 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42@khjeh 0xB7 0x05 0x93 0x9B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbtkxnyqk.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys1060a53fe6
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys1060a53fe6@001e3a3ef264 0x59 0x71 0xF0 0x62 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys1060a53fe6@00247c0e1a06 0x8B 0xC1 0xCC 0x4E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x3D 0xC7 0x75 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@ujdew 0x9A 0xA7 0xBA 0xE9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001\jdgg40@ujdew 0xCB 0xCF 0xB7 0xD1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0xD5 0x15 0x9B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x26 0xC2 0x57 0x31 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x24 0x60 0x39 0x10 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41@khjeh 0xFC 0x1C 0x6F 0x9C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf42@khjeh 0xB7 0x05 0x93 0x9B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACbtkxnyqk.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
    Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x77 0x6E 0x0C 0xDF ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6895C28E-790B-C040-24C9-5FC31BD1CB61}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F13CC3FE-D74B-C823-F0DC-FCB1AB595A15}

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\microsoft frontpage\version3.0 0 bytes
    File C:\Program Files\Microsoft Games for Windows - LIVE\Client 0 bytes
    File C:\Program Files\Microsoft Games for Windows - LIVE\Client\ja 0 bytes
    File C:\Program Files\Microsoft Games for Windows - LIVE\Client\ja\msadctls.dll.mui 13408 bytes executable

    ---- EOF - GMER 1.0.15 ----
    Blade81
    Hi again,


    Are you familiar with this piece of proxy settings:
    uInternet Settings,ProxyServer = proxy.ucd.ie:8484


    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left-hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer



    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:
    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    jhtham
    QUOTE
    Are you familiar with this piece of proxy settings:
    uInternet Settings,ProxyServer = proxy.ucd.ie:8484


    Yes, I am familiar with it.

    QUOTE
    "http://www.bleepingcomputer.com/combofix/how-to-use-combofix"


    The website doesn't seem to be up and running... any alternative sites?
    Blade81
    QUOTE
    The website doesn't seem to be up and running... any alternative sites?


    Hi,

    Please use one of these links to download the program to your desktop:
    Link 1
    Link 2

    Make sure your antivirus and other protection software is disabled before you run ComboFix.
    Blade81
    Due to lack of feedback, this topic has been closed.

    If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

    Everyone else please begin a New Topic.

    Thank You !