Hi everyone, sorry, but this is my first time posting on this forum and I am not entirely sure if I am posting this request in the correct area. I believe that my computers have been hacked. My apartment building provides free internet, and I bought a dual wireless router with Ethernet cables for my desktop PC and the wireless function for my MacBook Pro. I was wondering if someone can take a look at my system and let me know if something is wrong?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:16 AM, on 7/21/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\DialogFilter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Hi\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 3230 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by jo at 8:12:03 on 2013-07-21
Microsoft Windows Embedded 8 Industry Pro 6.2.9200.0.1252.1.1033.18.2030.1345 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\DialogFilter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wlms\wlms-emb.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F6AE712C-3121-4016-B0B0-54E549CEDF1E} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest pku2u tspkg livessp
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\reader 11.0\esl\AiodLite.dll",CreateReaderUserSettings
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jo\appdata\roaming\mozilla\firefox\profiles\77709tkw.default\
FF - ExtSQL: 2013-06-23 07:24; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\jo\appdata\roaming\mozilla\firefox\profiles\77709tkw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-24 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-24 175176]
R0 kbldfltr;kbldfltr;c:\windows\system32\drivers\kbldfltr.sys [2013-3-27 18032]
R0 uwfreg;Unified Write Filter Registry Redirector;c:\windows\system32\drivers\uwfreg.sys [2013-3-27 43240]
R0 uwfs;Unified Write Filter File Redirector;c:\windows\system32\drivers\uwfs.sys [2013-3-27 34536]
R0 uwfvol;Unified Write Filter Volume Manager;c:\windows\system32\drivers\uwfvol.sys [2013-3-27 61160]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-24 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-24 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-24 46808]
R2 DialogFilter;Dialog Box Filter;c:\windows\system32\svchost.exe -k netsvcs [2013-3-27 23040]
R2 KeyboardFilter;Keyboard Filter;c:\windows\system32\svchost.exe -k netsvcs [2013-3-27 23040]
R2 WLMS;Windows Embedded Licensing Monitoring Service;c:\windows\system32\wlms\wlms-emb.exe [2013-6-22 29848]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc63.sys [2013-3-27 68608]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 EmbProvSvc;EmbProvSvc;c:\windows\system32\dism\EmbProvSvc.exe [2013-3-27 69632]
S4 POSPerformanceCounters;Point Of Service Performance Counters;c:\program files\microsoft point of service\Microsoft.PointOfService.Service.exe [2008-2-29 42056]
S4 UwfServicingSvc;Unified Write Filter Servicing Helper Service;system32\UwfServicingSvc.exe --> system32\UwfServicingSvc.exe [?]
.
=============== Created Last 30 ================
.
2013-07-20 01:47:32 -------- d-----w- c:\users\jo\appdata\local\WinZip
2013-07-20 01:46:16 -------- d-----w- c:\program files\Vuze
2013-07-17 10:33:06 252080 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10210.bin
2013-07-16 18:28:06 -------- d-----w- c:\program files\VideoLAN
2013-07-14 10:00:53 -------- d-----w- c:\windows\system32\MRT
2013-07-13 21:54:09 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-13 21:53:16 -------- d-----w- c:\program files\iPod
2013-07-13 21:53:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-13 21:53:15 -------- d-----w- c:\program files\iTunes
2013-07-13 21:52:40 -------- d-----w- c:\users\jo\appdata\local\Apple
2013-07-13 21:52:04 -------- d-----w- c:\program files\Bonjour
2013-07-10 13:07:26 -------- d-----w- c:\users\jo\appdata\local\Adobe
2013-07-10 04:05:06 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-10 04:05:05 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-10 04:05:04 235520 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-07-10 04:05:03 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-07-10 04:03:59 104704 ----a-w- c:\windows\system32\drivers\dumpsd.sys
2013-07-10 04:03:58 67584 ----a-w- c:\windows\system32\MbaeParserTask.exe
2013-07-10 04:03:58 598528 ----a-w- c:\windows\system32\audiosrv.dll
2013-07-10 04:03:58 161792 ----a-w- c:\windows\system32\DeviceSetupManager.dll
2013-07-10 04:03:57 158720 ----a-w- c:\windows\system32\vdsutil.dll
2013-07-10 04:03:56 30208 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys
2013-07-10 04:01:38 3389952 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 04:00:33 18523648 ----a-w- c:\program files\common files\microsoft shared\microsoft camera codec pack\MicrosoftRawCodec.dll
2013-07-10 04:00:09 1421312 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 03:59:30 -------- d-----w- c:\program files\OverDrive Media Console
2013-06-24 11:29:48 52224 ----a-w- c:\windows\system32\appinfo.dll
2013-06-24 11:29:48 104680 ----a-w- c:\windows\system32\consent.exe
2013-06-24 11:28:30 84992 ----a-w- c:\windows\system32\wbem\PolicMan.dll
2013-06-24 11:28:30 82944 ----a-w- c:\windows\system32\dskquota.dll
2013-06-24 11:28:24 929792 ----a-w- c:\windows\system32\mfnetsrc.dll
2013-06-24 11:28:24 568832 ----a-w- c:\windows\system32\mfnetcore.dll
2013-06-24 11:28:23 513024 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2013-06-24 11:27:52 319208 ----a-w- c:\windows\system32\halmacpi.dll
2013-06-24 11:26:18 1226752 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2013-06-24 11:24:44 1229576 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-24 11:24:14 847360 ----a-w- c:\windows\system32\reseteng.dll
2013-06-24 11:24:14 375808 ----a-w- c:\windows\system32\ReAgent.dll
2013-06-24 11:22:53 2382336 ----a-w- c:\windows\system32\esent.dll
2013-06-24 11:20:48 6144 ----a-w- c:\windows\system32\KBDKURD.DLL
2013-06-24 11:19:10 -------- d--h--w- c:\programdata\Common Files
2013-06-24 11:19:10 -------- d-----w- c:\users\jo\appdata\local\MFAData
2013-06-24 11:19:10 -------- d-----w- c:\users\jo\appdata\local\Avg2013
2013-06-24 11:19:10 -------- d-----w- c:\programdata\MFAData
2013-06-24 11:18:29 24064 ----a-w- c:\windows\system32\ReAgentc.exe
2013-06-24 11:18:26 35328 ----a-w- c:\windows\system32\atmlib.dll
2013-06-24 11:18:26 300032 ----a-w- c:\windows\system32\atmfd.dll
2013-06-24 11:18:19 330752 ----a-w- c:\windows\system32\sppwinob.dll
2013-06-24 11:16:53 793088 ----a-w- c:\windows\system32\autochk.exe
2013-06-24 11:16:53 482816 ----a-w- c:\windows\system32\untfs.dll
2013-06-24 11:16:52 1075200 ----a-w- c:\windows\system32\gdi32.dll
2013-06-24 11:15:22 271080 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-24 11:15:15 60416 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-06-24 11:15:12 74240 ----a-w- c:\windows\system32\newdev.exe
2013-06-24 11:15:12 275968 ----a-w- c:\windows\system32\newdev.dll
2013-06-24 11:15:11 73728 ----a-w- c:\windows\system32\ndadmin.exe
2013-06-24 11:14:45 640000 ----a-w- c:\windows\system32\drivers\http.sys
2013-06-24 11:14:25 50784 ----a-w- c:\programdata\microsoft\windowsfiltering\sqm\manifest\Sqm3.bin
2013-06-24 11:14:22 17536 ----a-w- c:\programdata\microsoft\windowssampling\sqm\manifest\Sqm3.bin
2013-06-24 11:14:16 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dbd1b20c-7282-49fc-8729-e75b13462a4e}\mpengine.dll
2013-06-23 14:45:20 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-06-23 14:45:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-23 14:34:42 503808 ----a-w- c:\windows\system32\win32spl.dll
2013-06-23 14:23:34 -------- d-----w- c:\users\jo\appdata\local\Mozilla
2013-06-23 14:18:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\winrm
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\slmgr
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\en
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\0409
2013-06-23 01:52:55 -------- d-----w- c:\windows\en-US
2013-06-23 01:52:55 -------- d-----w- c:\windows\DigitalLocker
2013-06-23 01:52:52 -------- d-----w- c:\windows\system32\WCN
2013-06-23 01:52:52 -------- d-----w- c:\windows\system32\Printing_Admin_Scripts
2013-06-23 01:49:33 -------- d-----w- c:\windows\Panther
2013-06-23 01:14:47 -------- d-----w- c:\windows\system32\wlms
2013-06-23 01:03:20 -------- d-sh--we c:\programdata\Documents
2013-06-23 01:03:20 -------- d-sh--we C:\Documents and Settings
2013-06-23 01:00:43 0 ----a-w- c:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2013-06-29 16:11:14 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-29 16:11:14 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-16 22:33:43 816896 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-06-01 10:24:46 2106176 ----a-w- c:\windows\explorer.exe
2013-06-01 10:09:24 158976 ----a-w- c:\windows\system32\drivers\sdbus.sys
2013-06-01 09:50:13 1800960 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-01 09:42:14 268032 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS
2013-06-01 09:42:11 180480 ----a-w- c:\windows\system32\drivers\UCX01000.SYS
2013-06-01 09:41:30 281344 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-06-01 09:41:28 5573376 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-01 09:26:14 581120 ----a-w- c:\windows\system32\vds.exe
2013-06-01 09:25:52 372224 ----a-w- c:\windows\system32\wwansvc.dll
2013-06-01 09:25:52 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- c:\windows\system32\samlib.dll
2013-06-01 09:25:05 550400 ----a-w- c:\windows\system32\samsrv.dll
2013-06-01 09:25:03 496640 ----a-w- c:\windows\system32\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- c:\windows\system32\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- c:\windows\system32\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- c:\windows\system32\dwmcore.dll
2013-05-24 22:08:56 939448 ----a-w- c:\windows\system32\winresume.exe
2013-05-24 22:08:56 1035512 ----a-w- c:\windows\system32\winresume.efi
2013-05-24 22:08:55 1166232 ----a-w- c:\windows\system32\winload.efi
2013-05-24 22:08:55 1063960 ----a-w- c:\windows\system32\winload.exe
2013-05-15 22:37:03 44032 ----a-w- c:\windows\system32\UXInit.dll
2013-05-14 09:23:31 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-04 05:54:28 103176 ----a-w- c:\windows\system32\AuthHost.exe
2013-05-04 05:20:57 362240 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
2013-05-04 05:20:54 238336 ----a-w- c:\windows\system32\drivers\spaceport.sys
2013-05-04 04:58:34 34304 ----a-w- c:\windows\system32\wuapp.exe
2013-05-04 04:58:31 1150976 ----a-w- c:\windows\system32\VSSVC.exe
2013-05-04 04:58:14 758784 ----a-w- c:\windows\system32\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- c:\windows\system32\wudriver.dll
2013-05-04 04:58:02 215040 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2013-05-04 04:58:02 1555456 ----a-w- c:\windows\system32\wucltux.dll
2013-05-04 04:58:02 125952 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-04 04:57:58 2620928 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-04 04:57:49 10788864 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- c:\windows\system32\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- c:\windows\system32\ubpm.dll
2013-05-04 04:57:36 1049600 ----a-w- c:\windows\system32\sysmain.dll
2013-05-04 04:57:35 303616 ----a-w- c:\windows\system32\stobject.dll
2013-05-04 04:57:23 73728 ----a-w- c:\windows\system32\psmsrv.dll
2013-05-04 04:57:16 18432 ----a-w- c:\windows\system32\npmproxy.dll
2013-05-04 04:57:04 371200 ----a-w- c:\windows\system32\netprofmsvc.dll
2013-05-04 04:57:04 151040 ----a-w- c:\windows\system32\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- c:\windows\system32\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- c:\windows\system32\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
2013-05-04 04:56:35 582144 ----a-w- c:\windows\system32\gpprefcl.dll
2013-05-04 04:56:14 449536 ----a-w- c:\windows\system32\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- c:\windows\system32\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- c:\windows\system32\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- c:\windows\system32\authui.dll
2013-05-04 04:56:05 143360 ----a-w- c:\windows\system32\bisrv.dll
2013-05-04 04:56:02 975360 ----a-w- c:\windows\system32\AppXDeploymentServer.dll
2013-05-04 04:56:02 554496 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-05-04 04:55:58 389632 ----a-w- c:\windows\system32\intl.cpl
2013-05-04 04:10:47 14848 ----a-w- c:\windows\system32\rars.rs
2013-05-04 04:06:43 320512 ----a-w- c:\windows\system32\drivers\rdbss.sys
2013-04-23 23:13:53 1013248 ----a-w- c:\windows\system32\certutil.exe
2013-04-23 23:12:44 51712 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-23 23:12:44 1569792 ----a-w- c:\windows\system32\crypt32.dll
2013-04-23 23:12:44 109056 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 8:12:30.29 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows Embedded 8 Industry Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2013 6:14:59 PM
System Uptime: 7/21/2013 8:07:12 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU | 2660/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 131.142 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Service:
.
==== System Restore Points ===================
.
RP3: 7/4/2013 9:47:22 AM - Scheduled Checkpoint
RP4: 7/9/2013 8:58:48 PM - Installed OverDrive Media Console
RP5: 7/13/2013 2:52:42 PM - Installed iTunes
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
iTunes
Microsoft POS for .NET 1.12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Embedded Keyboard Filter Database
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
OverDrive Media Console
VLC media player 2.0.7
Vuze
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
7/21/2013 8:07:19 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably. The Registry could not flush hive (file): ''.
7/21/2013 7:28:53 AM, Error: TPM [2] - The TPM self test command failed.
7/21/2013 7:28:53 AM, Error: TPM [15] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
7/15/2013 3:01:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800F020B: Western Digital Technologies - Other hardware - WD SES Device.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-21 12:47:51
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160023AS rev.3.05 149.05GB
Running: wtqe18z7.exe; Driver: C:\Users\jo\AppData\Local\Temp\pxldrpob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8DEF976E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D83A80E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8DEF7C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8D83BCF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8DEF98EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D83A556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8D83C1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8D83C066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D83A45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D83A4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D83A2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8D83BD16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D83A7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D83A742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x8D83D22A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x8D8418B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8D83C506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D83C7F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DEF9822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D8470DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8D83F26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D846EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D847036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8D83EE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D846EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D847122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D846F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D846F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D83C92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D83F98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D83A6DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DEF7C12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DEF96C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8D83F596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D83A676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8D83BE9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D8470B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8D83B800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8D83B5E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D846ECE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DEF9992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D846E86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D8470FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D846F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D846F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D83B0E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x8D83D256]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DEF95FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D83A610]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DF12E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwCallbackReturn + 16C 818D5E78 12 Bytes [56, A5, 83, 8D, C8, C1, 83, ...]
.text ntoskrnl.exe!ZwCallbackReturn + 604 818D6310 12 Bytes [B8, 70, 84, 8D, 00, B8, 83, ...]
.text ntoskrnl.exe!ZwReplacePartitionUnit + 26B1 8194BAB5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 8195039A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!ObInsertObject + 347 81A4BE55 5 Bytes JMP 8DF117CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 81B22BB6 5 Bytes JMP 8DF0FC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 81BCC593 2 Bytes JMP 8DF12E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx + 3 81BCC596 4 Bytes [34, 0C, CC, CC] {XOR AL, 0xc; INT 3 ; INT 3 }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC01000, 0x2BFDB0, 0xE8000020]
? C:\Users\jo\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[564] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\csrss.exe[572] kernel32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[616] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\services.exe[660] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\lsass.exe[668] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 002003FC
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 002001F8
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00230A08
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00230804
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 002303FC
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 002301F8
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00230600
.text C:\Windows\System32\svchost.exe[880] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\dwm.exe[928] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\svchost.exe[940] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\svchost.exe[992] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text ...
.text C:\Windows\Explorer.EXE[2340] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 00C803FC
.text C:\Windows\Explorer.EXE[2340] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 00C801F8
.text C:\Windows\Explorer.EXE[2340] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00CB0A08
.text C:\Windows\Explorer.EXE[2340] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00CB0804
.text C:\Windows\Explorer.EXE[2340] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 00CB03FC
.text C:\Windows\Explorer.EXE[2340] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 00CB01F8
.text C:\Windows\Explorer.EXE[2340] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00CB0600
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 00A903FC
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 00A901F8
.text C:\Windows\system32\svchost.exe[2452] user32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00C30A08
.text C:\Windows\system32\svchost.exe[2452] user32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00C30804
.text C:\Windows\system32\svchost.exe[2452] user32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 00C303FC
.text C:\Windows\system32\svchost.exe[2452] user32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 00C301F8
.text C:\Windows\system32\svchost.exe[2452] user32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00C30600
.text C:\Windows\system32\SearchIndexer.exe[3032] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 007103FC
.text C:\Windows\system32\SearchIndexer.exe[3032] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 007101F8
.text C:\Windows\system32\SearchIndexer.exe[3032] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00740A08
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00740804
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 007403FC
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 007401F8
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00740600
.text C:\Windows\system32\wlms\wlms-emb.exe[3124] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 004A03FC
.text C:\Windows\system32\wlms\wlms-emb.exe[3124] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 004A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 00E103FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 00E101F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00E40A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00E40804
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 00E403FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 00E401F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00E40600
.text C:\Program Files\iPod\bin\iPodService.exe[3584] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 005703FC
.text C:\Program Files\iPod\bin\iPodService.exe[3584] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 005701F8
.text C:\Program Files\iPod\bin\iPodService.exe[3584] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00590A08
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00590804
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 005903FC
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 005901F8
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00590600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 008303FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 65A8EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!InterlockedExchange + 11 76CC153B 7 Bytes JMP 6609979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!GetStdHandle + C 76CC1B37 7 Bytes JMP 66099778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!CreateProcessW + 69 76CC4798 7 Bytes JMP 65A94CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00840A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00840804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 008403FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 008401F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00840600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!SetWindowOrgEx + 3C7 765A8C9D 7 Bytes JMP 660996F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtSetValueKey] [70B19925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] [70B19925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtSetValueKey] [70B19925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [USER32.dll!CallNextHookEx] [70B03537] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowsHookExW] [70B5C5DF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowThreadProcessId] [70B5CCAF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!MessageBoxW] [70B5DE9C] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!CallNextHookEx] [70B03537] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [70B5C5DF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\SYSTEM32\IPHLPAPI.DLL [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\system32\WS2_32.dll [NSI.dll!NsiGetAllParameters] [753715F0] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\system32\WS2_32.dll [NSI.dll!NsiGetParameter] [75371720] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\system32\WS2_32.dll [NSI.dll!NsiSetAllParameters] [75371E3F] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiGetAllParameters] [753715F0] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiAllocateAndGetTable] [75371879] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiFreeTable] [75371B3C] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiEnumerateObjectsAllParameters] [75371415] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiSetParameter] [75372220] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiGetParameter] [75371720] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiSetAllParameters] [75371E3F] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiRequestChangeNotification] [75371FDD] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiCancelChangeNotification] [7537213A] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiSetAllPersistentParametersWithMask] [753729D1] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!SelectPalette] [70B20D2C] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateCompatibleDC] [70B20C6E] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!GetDeviceCaps] [70B20951] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!RealizePalette] [70B20FAE] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateDIBitmap] [70B20F52] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateDIBSection] [70B20CBA] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!BitBlt] [70B20CA2] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateBitmap] [70B20F0D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!GetPaletteEntries] [70B20D14] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreatePalette] [70B20F96] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateCompatibleBitmap] [70B20C43] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [70B218F5] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [70B21925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!DestroyWindow] [70B20BE8] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!ReleaseDC] [70B20988] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!GetDC] [70B20ABF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [70B2193D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\FVEStats@OsvSize 0x00 0x00 0xD0 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\FVEStats@OsvEncryptComplete 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\FVEStats@OsvEncryptInit 0x5B 0x58 0x6B 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 258427376
---- EOF - GMER 2.1 ----
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:16 AM, on 7/21/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\DialogFilter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Hi\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 3230 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by jo at 8:12:03 on 2013-07-21
Microsoft Windows Embedded 8 Industry Pro 6.2.9200.0.1252.1.1033.18.2030.1345 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\dwm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\DialogFilter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wlms\wlms-emb.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F6AE712C-3121-4016-B0B0-54E549CEDF1E} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest pku2u tspkg livessp
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\reader 11.0\esl\AiodLite.dll",CreateReaderUserSettings
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jo\appdata\roaming\mozilla\firefox\profiles\77709tkw.default\
FF - ExtSQL: 2013-06-23 07:24; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\jo\appdata\roaming\mozilla\firefox\profiles\77709tkw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-24 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-24 175176]
R0 kbldfltr;kbldfltr;c:\windows\system32\drivers\kbldfltr.sys [2013-3-27 18032]
R0 uwfreg;Unified Write Filter Registry Redirector;c:\windows\system32\drivers\uwfreg.sys [2013-3-27 43240]
R0 uwfs;Unified Write Filter File Redirector;c:\windows\system32\drivers\uwfs.sys [2013-3-27 34536]
R0 uwfvol;Unified Write Filter Volume Manager;c:\windows\system32\drivers\uwfvol.sys [2013-3-27 61160]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-24 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-24 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-24 46808]
R2 DialogFilter;Dialog Box Filter;c:\windows\system32\svchost.exe -k netsvcs [2013-3-27 23040]
R2 KeyboardFilter;Keyboard Filter;c:\windows\system32\svchost.exe -k netsvcs [2013-3-27 23040]
R2 WLMS;Windows Embedded Licensing Monitoring Service;c:\windows\system32\wlms\wlms-emb.exe [2013-6-22 29848]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc63.sys [2013-3-27 68608]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 EmbProvSvc;EmbProvSvc;c:\windows\system32\dism\EmbProvSvc.exe [2013-3-27 69632]
S4 POSPerformanceCounters;Point Of Service Performance Counters;c:\program files\microsoft point of service\Microsoft.PointOfService.Service.exe [2008-2-29 42056]
S4 UwfServicingSvc;Unified Write Filter Servicing Helper Service;system32\UwfServicingSvc.exe --> system32\UwfServicingSvc.exe [?]
.
=============== Created Last 30 ================
.
2013-07-20 01:47:32 -------- d-----w- c:\users\jo\appdata\local\WinZip
2013-07-20 01:46:16 -------- d-----w- c:\program files\Vuze
2013-07-17 10:33:06 252080 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10210.bin
2013-07-16 18:28:06 -------- d-----w- c:\program files\VideoLAN
2013-07-14 10:00:53 -------- d-----w- c:\windows\system32\MRT
2013-07-13 21:54:09 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-07-13 21:53:16 -------- d-----w- c:\program files\iPod
2013-07-13 21:53:15 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-13 21:53:15 -------- d-----w- c:\program files\iTunes
2013-07-13 21:52:40 -------- d-----w- c:\users\jo\appdata\local\Apple
2013-07-13 21:52:04 -------- d-----w- c:\program files\Bonjour
2013-07-10 13:07:26 -------- d-----w- c:\users\jo\appdata\local\Adobe
2013-07-10 04:05:06 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-10 04:05:05 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-10 04:05:04 235520 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-07-10 04:05:03 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-07-10 04:03:59 104704 ----a-w- c:\windows\system32\drivers\dumpsd.sys
2013-07-10 04:03:58 67584 ----a-w- c:\windows\system32\MbaeParserTask.exe
2013-07-10 04:03:58 598528 ----a-w- c:\windows\system32\audiosrv.dll
2013-07-10 04:03:58 161792 ----a-w- c:\windows\system32\DeviceSetupManager.dll
2013-07-10 04:03:57 158720 ----a-w- c:\windows\system32\vdsutil.dll
2013-07-10 04:03:56 30208 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys
2013-07-10 04:01:38 3389952 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 04:00:33 18523648 ----a-w- c:\program files\common files\microsoft shared\microsoft camera codec pack\MicrosoftRawCodec.dll
2013-07-10 04:00:09 1421312 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 03:59:30 -------- d-----w- c:\program files\OverDrive Media Console
2013-06-24 11:29:48 52224 ----a-w- c:\windows\system32\appinfo.dll
2013-06-24 11:29:48 104680 ----a-w- c:\windows\system32\consent.exe
2013-06-24 11:28:30 84992 ----a-w- c:\windows\system32\wbem\PolicMan.dll
2013-06-24 11:28:30 82944 ----a-w- c:\windows\system32\dskquota.dll
2013-06-24 11:28:24 929792 ----a-w- c:\windows\system32\mfnetsrc.dll
2013-06-24 11:28:24 568832 ----a-w- c:\windows\system32\mfnetcore.dll
2013-06-24 11:28:23 513024 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2013-06-24 11:27:52 319208 ----a-w- c:\windows\system32\halmacpi.dll
2013-06-24 11:26:18 1226752 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2013-06-24 11:24:44 1229576 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-24 11:24:14 847360 ----a-w- c:\windows\system32\reseteng.dll
2013-06-24 11:24:14 375808 ----a-w- c:\windows\system32\ReAgent.dll
2013-06-24 11:22:53 2382336 ----a-w- c:\windows\system32\esent.dll
2013-06-24 11:20:48 6144 ----a-w- c:\windows\system32\KBDKURD.DLL
2013-06-24 11:19:10 -------- d--h--w- c:\programdata\Common Files
2013-06-24 11:19:10 -------- d-----w- c:\users\jo\appdata\local\MFAData
2013-06-24 11:19:10 -------- d-----w- c:\users\jo\appdata\local\Avg2013
2013-06-24 11:19:10 -------- d-----w- c:\programdata\MFAData
2013-06-24 11:18:29 24064 ----a-w- c:\windows\system32\ReAgentc.exe
2013-06-24 11:18:26 35328 ----a-w- c:\windows\system32\atmlib.dll
2013-06-24 11:18:26 300032 ----a-w- c:\windows\system32\atmfd.dll
2013-06-24 11:18:19 330752 ----a-w- c:\windows\system32\sppwinob.dll
2013-06-24 11:16:53 793088 ----a-w- c:\windows\system32\autochk.exe
2013-06-24 11:16:53 482816 ----a-w- c:\windows\system32\untfs.dll
2013-06-24 11:16:52 1075200 ----a-w- c:\windows\system32\gdi32.dll
2013-06-24 11:15:22 271080 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-24 11:15:15 60416 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-06-24 11:15:12 74240 ----a-w- c:\windows\system32\newdev.exe
2013-06-24 11:15:12 275968 ----a-w- c:\windows\system32\newdev.dll
2013-06-24 11:15:11 73728 ----a-w- c:\windows\system32\ndadmin.exe
2013-06-24 11:14:45 640000 ----a-w- c:\windows\system32\drivers\http.sys
2013-06-24 11:14:25 50784 ----a-w- c:\programdata\microsoft\windowsfiltering\sqm\manifest\Sqm3.bin
2013-06-24 11:14:22 17536 ----a-w- c:\programdata\microsoft\windowssampling\sqm\manifest\Sqm3.bin
2013-06-24 11:14:16 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dbd1b20c-7282-49fc-8729-e75b13462a4e}\mpengine.dll
2013-06-23 14:45:20 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-06-23 14:45:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-23 14:34:42 503808 ----a-w- c:\windows\system32\win32spl.dll
2013-06-23 14:23:34 -------- d-----w- c:\users\jo\appdata\local\Mozilla
2013-06-23 14:18:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\winrm
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\slmgr
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\en
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2013-06-23 01:52:55 -------- d-----w- c:\windows\system32\0409
2013-06-23 01:52:55 -------- d-----w- c:\windows\en-US
2013-06-23 01:52:55 -------- d-----w- c:\windows\DigitalLocker
2013-06-23 01:52:52 -------- d-----w- c:\windows\system32\WCN
2013-06-23 01:52:52 -------- d-----w- c:\windows\system32\Printing_Admin_Scripts
2013-06-23 01:49:33 -------- d-----w- c:\windows\Panther
2013-06-23 01:14:47 -------- d-----w- c:\windows\system32\wlms
2013-06-23 01:03:20 -------- d-sh--we c:\programdata\Documents
2013-06-23 01:03:20 -------- d-sh--we C:\Documents and Settings
2013-06-23 01:00:43 0 ----a-w- c:\windows\ativpsrm.bin
.
==================== Find3M ====================
.
2013-06-29 16:11:14 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-29 16:11:14 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-16 22:33:43 816896 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-06-01 10:24:46 2106176 ----a-w- c:\windows\explorer.exe
2013-06-01 10:09:24 158976 ----a-w- c:\windows\system32\drivers\sdbus.sys
2013-06-01 09:50:13 1800960 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-01 09:42:14 268032 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS
2013-06-01 09:42:11 180480 ----a-w- c:\windows\system32\drivers\UCX01000.SYS
2013-06-01 09:41:30 281344 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-06-01 09:41:28 5573376 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-01 09:26:14 581120 ----a-w- c:\windows\system32\vds.exe
2013-06-01 09:25:52 372224 ----a-w- c:\windows\system32\wwansvc.dll
2013-06-01 09:25:52 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- c:\windows\system32\samlib.dll
2013-06-01 09:25:05 550400 ----a-w- c:\windows\system32\samsrv.dll
2013-06-01 09:25:03 496640 ----a-w- c:\windows\system32\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- c:\windows\system32\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- c:\windows\system32\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- c:\windows\system32\dwmcore.dll
2013-05-24 22:08:56 939448 ----a-w- c:\windows\system32\winresume.exe
2013-05-24 22:08:56 1035512 ----a-w- c:\windows\system32\winresume.efi
2013-05-24 22:08:55 1166232 ----a-w- c:\windows\system32\winload.efi
2013-05-24 22:08:55 1063960 ----a-w- c:\windows\system32\winload.exe
2013-05-15 22:37:03 44032 ----a-w- c:\windows\system32\UXInit.dll
2013-05-14 09:23:31 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-04 05:54:28 103176 ----a-w- c:\windows\system32\AuthHost.exe
2013-05-04 05:20:57 362240 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
2013-05-04 05:20:54 238336 ----a-w- c:\windows\system32\drivers\spaceport.sys
2013-05-04 04:58:34 34304 ----a-w- c:\windows\system32\wuapp.exe
2013-05-04 04:58:31 1150976 ----a-w- c:\windows\system32\VSSVC.exe
2013-05-04 04:58:14 758784 ----a-w- c:\windows\system32\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- c:\windows\system32\wudriver.dll
2013-05-04 04:58:02 215040 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2013-05-04 04:58:02 1555456 ----a-w- c:\windows\system32\wucltux.dll
2013-05-04 04:58:02 125952 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-04 04:57:58 2620928 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-04 04:57:49 10788864 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- c:\windows\system32\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- c:\windows\system32\ubpm.dll
2013-05-04 04:57:36 1049600 ----a-w- c:\windows\system32\sysmain.dll
2013-05-04 04:57:35 303616 ----a-w- c:\windows\system32\stobject.dll
2013-05-04 04:57:23 73728 ----a-w- c:\windows\system32\psmsrv.dll
2013-05-04 04:57:16 18432 ----a-w- c:\windows\system32\npmproxy.dll
2013-05-04 04:57:04 371200 ----a-w- c:\windows\system32\netprofmsvc.dll
2013-05-04 04:57:04 151040 ----a-w- c:\windows\system32\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- c:\windows\system32\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- c:\windows\system32\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
2013-05-04 04:56:35 582144 ----a-w- c:\windows\system32\gpprefcl.dll
2013-05-04 04:56:14 449536 ----a-w- c:\windows\system32\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- c:\windows\system32\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- c:\windows\system32\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- c:\windows\system32\authui.dll
2013-05-04 04:56:05 143360 ----a-w- c:\windows\system32\bisrv.dll
2013-05-04 04:56:02 975360 ----a-w- c:\windows\system32\AppXDeploymentServer.dll
2013-05-04 04:56:02 554496 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-05-04 04:55:58 389632 ----a-w- c:\windows\system32\intl.cpl
2013-05-04 04:10:47 14848 ----a-w- c:\windows\system32\rars.rs
2013-05-04 04:06:43 320512 ----a-w- c:\windows\system32\drivers\rdbss.sys
2013-04-23 23:13:53 1013248 ----a-w- c:\windows\system32\certutil.exe
2013-04-23 23:12:44 51712 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-23 23:12:44 1569792 ----a-w- c:\windows\system32\crypt32.dll
2013-04-23 23:12:44 109056 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 8:12:30.29 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows Embedded 8 Industry Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 6/22/2013 6:14:59 PM
System Uptime: 7/21/2013 8:07:12 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU | 2660/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 131.142 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Service:
.
==== System Restore Points ===================
.
RP3: 7/4/2013 9:47:22 AM - Scheduled Checkpoint
RP4: 7/9/2013 8:58:48 PM - Installed OverDrive Media Console
RP5: 7/13/2013 2:52:42 PM - Installed iTunes
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
iTunes
Microsoft POS for .NET 1.12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Embedded Keyboard Filter Database
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
OverDrive Media Console
VLC media player 2.0.7
Vuze
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
7/21/2013 8:07:19 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
7/21/2013 7:28:53 AM, Error: TPM [2] - The TPM self test command failed.
7/21/2013 7:28:53 AM, Error: TPM [15] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
7/15/2013 3:01:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800F020B: Western Digital Technologies - Other hardware - WD SES Device.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-21 12:47:51
Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST3160023AS rev.3.05 149.05GB
Running: wtqe18z7.exe; Driver: C:\Users\jo\AppData\Local\Temp\pxldrpob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8DEF976E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D83A80E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8DEF7C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8D83BCF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8DEF98EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D83A556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8D83C1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8D83C066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D83A45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D83A4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D83A2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8D83BD16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D83A7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D83A742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x8D83D22A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x8D8418B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8D83C506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D83C7F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DEF9822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D8470DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8D83F26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D846EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D847036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8D83EE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D846EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D847122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D846F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D846F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D83C92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D83F98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D83A6DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DEF7C12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DEF96C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8D83F596]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D83A676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8D83BE9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D8470B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8D83B800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8D83B5E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D846ECE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DEF9992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D846E86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D8470FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D846F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D846F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D83B0E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x8D83D256]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DEF95FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D83A610]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DF12E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwCallbackReturn + 16C 818D5E78 12 Bytes [56, A5, 83, 8D, C8, C1, 83, ...]
.text ntoskrnl.exe!ZwCallbackReturn + 604 818D6310 12 Bytes [B8, 70, 84, 8D, 00, B8, 83, ...]
.text ntoskrnl.exe!ZwReplacePartitionUnit + 26B1 8194BAB5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 66A 8195039A 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntoskrnl.exe!ObInsertObject + 347 81A4BE55 5 Bytes JMP 8DF117CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 81B22BB6 5 Bytes JMP 8DF0FC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 81BCC593 2 Bytes JMP 8DF12E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx + 3 81BCC596 4 Bytes [34, 0C, CC, CC] {XOR AL, 0xc; INT 3 ; INT 3 }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC01000, 0x2BFDB0, 0xE8000020]
? C:\Users\jo\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[564] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\csrss.exe[572] kernel32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[616] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\services.exe[660] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\lsass.exe[668] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 002003FC
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 002001F8
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00230A08
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00230804
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 002303FC
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 002301F8
.text C:\Users\Hi\Desktop\wtqe18z7.exe[748] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00230600
.text C:\Windows\System32\svchost.exe[880] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\dwm.exe[928] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\svchost.exe[940] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\svchost.exe[992] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] KERNEL32.DLL!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text ...
.text C:\Windows\Explorer.EXE[2340] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 00C803FC
.text C:\Windows\Explorer.EXE[2340] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 00C801F8
.text C:\Windows\Explorer.EXE[2340] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00CB0A08
.text C:\Windows\Explorer.EXE[2340] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00CB0804
.text C:\Windows\Explorer.EXE[2340] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 00CB03FC
.text C:\Windows\Explorer.EXE[2340] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 00CB01F8
.text C:\Windows\Explorer.EXE[2340] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00CB0600
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 00A903FC
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 00A901F8
.text C:\Windows\system32\svchost.exe[2452] user32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00C30A08
.text C:\Windows\system32\svchost.exe[2452] user32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00C30804
.text C:\Windows\system32\svchost.exe[2452] user32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 00C303FC
.text C:\Windows\system32\svchost.exe[2452] user32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 00C301F8
.text C:\Windows\system32\svchost.exe[2452] user32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00C30600
.text C:\Windows\system32\SearchIndexer.exe[3032] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 007103FC
.text C:\Windows\system32\SearchIndexer.exe[3032] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 007101F8
.text C:\Windows\system32\SearchIndexer.exe[3032] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00740A08
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00740804
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 007403FC
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 007401F8
.text C:\Windows\system32\SearchIndexer.exe[3032] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00740600
.text C:\Windows\system32\wlms\wlms-emb.exe[3124] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 004A03FC
.text C:\Windows\system32\wlms\wlms-emb.exe[3124] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 004A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 00E103FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 00E101F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00E40A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00E40804
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 00E403FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 00E401F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3472] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00E40600
.text C:\Program Files\iPod\bin\iPodService.exe[3584] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 005703FC
.text C:\Program Files\iPod\bin\iPodService.exe[3584] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 005701F8
.text C:\Program Files\iPod\bin\iPodService.exe[3584] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00590A08
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00590804
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 005903FC
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 005901F8
.text C:\Program Files\iPod\bin\iPodService.exe[3584] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00590600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrUnloadDll 773D2029 5 Bytes JMP 008303FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrLoadDll 773E5D29 5 Bytes JMP 65A8EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!InterlockedExchange + 11 76CC153B 7 Bytes JMP 6609979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!GetStdHandle + C 76CC1B37 7 Bytes JMP 66099778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!CreateProcessW + 69 76CC4798 7 Bytes JMP 65A94CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] KERNEL32.dll!GetBinaryTypeW + 6F 76CDDDE0 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!UnhookWindowsHookEx 76A3A37A 5 Bytes JMP 00840A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetWindowsHookExW 76A3F223 5 Bytes JMP 00840804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!UnhookWinEvent 76A3FE7F 5 Bytes JMP 008403FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetWinEventHook 76A4938E 5 Bytes JMP 008401F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetWindowsHookExA 76A56F76 5 Bytes JMP 00840600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!SetWindowOrgEx + 3C7 765A8C9D 7 Bytes JMP 660996F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtSetValueKey] [70B19925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] [70B19925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\USER32.dll [ntdll.dll!NtSetValueKey] [70B19925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [USER32.dll!CallNextHookEx] [70B03537] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowsHookExW] [70B5C5DF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\shell32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtSetInformationFile] [70B034CF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowThreadProcessId] [70B5CCAF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!MessageBoxW] [70B5DE9C] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!CallNextHookEx] [70B03537] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [70B5C5DF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Hi\Desktop\wtqe18z7.exe[748] @ C:\Windows\SYSTEM32\IPHLPAPI.DLL [ntdll.dll!NtCreateFile] [70B212A3] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\system32\WS2_32.dll [NSI.dll!NsiGetAllParameters] [753715F0] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\system32\WS2_32.dll [NSI.dll!NsiGetParameter] [75371720] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\system32\WS2_32.dll [NSI.dll!NsiSetAllParameters] [75371E3F] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiGetAllParameters] [753715F0] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiAllocateAndGetTable] [75371879] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiFreeTable] [75371B3C] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiEnumerateObjectsAllParameters] [75371415] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiSetParameter] [75372220] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiGetParameter] [75371720] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiSetAllParameters] [75371E3F] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiRequestChangeNotification] [75371FDD] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiCancelChangeNotification] [7537213A] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Windows\system32\svchost.exe[1180] @ C:\Windows\SYSTEM32\iphlpapi.dll [NSI.dll!NsiSetAllPersistentParametersWithMask] [753729D1] C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!SelectPalette] [70B20D2C] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateCompatibleDC] [70B20C6E] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!GetDeviceCaps] [70B20951] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!RealizePalette] [70B20FAE] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateDIBitmap] [70B20F52] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateDIBSection] [70B20CBA] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!BitBlt] [70B20CA2] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateBitmap] [70B20F0D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!GetPaletteEntries] [70B20D14] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreatePalette] [70B20F96] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [GDI32.dll!CreateCompatibleBitmap] [70B20C43] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [70B218F5] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [70B21925] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!DestroyWindow] [70B20BE8] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!ReleaseDC] [70B20988] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!GetDC] [70B20ABF] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3472] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [70B2193D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\FVEStats@OsvSize 0x00 0x00 0xD0 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\FVEStats@OsvEncryptComplete 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\FVEStats@OsvEncryptInit 0x5B 0x58 0x6B 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 258427376
---- EOF - GMER 2.1 ----