having trouble removing virtumonde [Archive]

Zeus42

2007-07-16, 14:15

Hi

I ran vudo fix and came up clean, then ran spybot and virtumonde was still there. Here is the report from GMER

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-16 06:14:32
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

Code 865EB770 ZwCreateSection
Code 865E1E40 ZwDuplicateObject
Code 8652F1E0 ZwSetInformationFile
Code 865689C8 ZwSetSystemInformation
Code 865DCC18 ZwWriteFile
Code 865EB76F NtCreateSection
Code 865E1E3F NtDuplicateObject
Code 8652F1DF NtSetInformationFile
Code 865DCC17 NtWriteFile

---- Kernel code sections - GMER 1.0.13 ----

PAGE ntkrnlpa.exe!IoGetBootDiskInformation + 66F 8056AC95 7 Bytes JMP 8653B6DC
PAGE ntkrnlpa.exe!NtSetInformationFile 8056F398 5 Bytes JMP 8652F1E4
PAGE ntkrnlpa.exe!NtWriteFile 80571334 7 Bytes JMP 865DCC1C
PAGE ntkrnlpa.exe!NtCreateSection 8059F4EA 7 Bytes JMP 865EB774
PAGE ntkrnlpa.exe!ObCloseHandle + 17 805B09BB 7 Bytes JMP 86494A04
PAGE ntkrnlpa.exe!NtDuplicateObject 805B249C 7 Bytes JMP 865E1E44
PAGE ntkrnlpa.exe!ZwSetSystemInformation 80604932 5 Bytes JMP 865689CC
PAGE Fastfat.SYS B9912948 7 Bytes JMP 8663FE44
? C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified.
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1028] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]

Zeus42

2007-07-16, 14:16

.text C:\WINDOWS\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtCreateProcess 7C90D754 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtCreateProcess + 4 7C90D758 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtCreateProcessEx 7C90D769 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtResumeThread 7C90E45F 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtResumeThread + 4 7C90E463 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

Zeus42

2007-07-16, 14:17

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!RegQueryValueExA] [0100EAA2] c:\program files\aim6\services\imApp\ver6_1_41_2\imAppService.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2148] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[2848] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7B2C404] avg7rsw.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL Code 8663FE40
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B7C85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B7C85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B7C85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B7C85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B7C85A] avgtdi.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL Code 8663FE40

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7B2C404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7B2C404] avg7rsw.sys

---- EOF - GMER 1.0.13 ----

Zeus42

2007-07-16, 14:19

And this one is from hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:11 AM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WUSB54GPv4] "C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 4901 bytes

Zeus42

2007-07-16, 14:20

Sorry this is so long:red:

tashi

2007-07-26, 00:00

Hello.

Because of the amount of posts in your thread, helpers probably thought you were already being assisted. We ask for two logs only, the HJT and results of the on-line anti virus scan. ;)

The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)