wintest.exe\startup PROBLEM HELP!!!!

**Ja-c-to-the-K** · 04-18-2007, 09:33 PM

You gotta be kinding me, I supposto install 10 diffrent things, just to clean this up?????????????? OK but it might just be awhile before I post the log.
I don't need another spyware program, I have PCtools spyware doctor......
I don't understand why HJT needs to be renamed, that's kinda odd. But I WILL do all this.

I'll do the Gmer thing right now.

Thankz! Alot for your help jholland1964, you are a life-saver!!!

Gmer Scan log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-04-18 19:30:47
Windows 5.1.2600 Service Pack 1

---- Kernel code sections - GMER 1.0.12 ----

.text ntdll.dll!NtClose 77F5B5C8 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 77F5B728 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 77F5B738 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 77F5B758 5 Bytes JMP 72033FC8
.text ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\csrss.exe[408] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[408] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[408] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\csrss.exe[408] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\csrss.exe[408] KERNEL32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[408] KERNEL32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[408] KERNEL32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\csrss.exe[408] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[432] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[432] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[476] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[476] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[476] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\services.exe[476] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\services.exe[476] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\services.exe[476] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\services.exe[476] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[488] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\lsass.exe[488] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[660] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\svchost.exe[660] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[704] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\svchost.exe[704] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] kernel32.dll!FreeLibrary + 11 77E7E69D 4 Bytes [ 9B, 19, 18, E7 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[788] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\svchost.exe[852] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\explorer.exe[980] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[980] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\explorer.exe[980] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[980] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\explorer.exe[980] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[980] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\explorer.exe[980] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\explorer.exe[980] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\carpserv.exe[1092] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] user32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] user32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\carpserv.exe[1092] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1112] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\bcmwltry.exe[1120] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1128] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\wintest.exe[1140] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\wintest.exe[1140] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\BigFix\BigFix.exe[1212] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\BigFix\BigFix.exe[1212] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\alg.exe[1272] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\alg.exe[1272] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1284] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[1296] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1308] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1320] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1396] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1396] user32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1396] user32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1396] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] kernel32.dll!FreeLibrary + 11 77E7E69D 4 Bytes [ 9B, 19, 18, E7 ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\PROGRA~1\SPYWAR~1\swdoctor.exe[1920] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] kernel32.dll!FreeLibrary + 11 77E7E69D 4 Bytes [ 9B, 19, 18, E7 ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Documents and Settings\Balbinka\My Documents\gmer.exe[3256] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] ntdll.dll!NtTerminateProcess 77F5C448 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] ntdll.dll!NtTerminateProcess + 4 77F5C44C 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] kernel32.dll!CreateProcessW 77E61B8E 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] kernel32.dll!CreateProcessA 77E61BBC 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] kernel32.dll!LoadLibraryExW 77E7D839 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] kernel32.dll!FreeLibrary + 11 77E7E69D 4 Bytes [ 9B, 19, 18, E7 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] USER32.dll!SetWindowsHookExA 77D48A1C 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] USER32.dll!SetWindowsHookExW 77D67297 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3960] GDI32.dll!Escape 77C7D846 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5F85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5F85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5F85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5F85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5F85A] avgtdi.sys

---- Files - GMER 1.0.12 ----

ADS C:\System Volume Information\_restore{EEF84697-6736-4397-BC02-2C9522B52F41}\RP282\A0174606.exe:SummaryInformati on
ADS C:\System Volume Information\_restore{EEF84697-6736-4397-BC02-2C9522B52F41}\RP282\A0174606.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\ICQ.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\PCHealth\EMCImage\e_back.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxA aaqpcawXc
ADS C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...

---- EOF - GMER 1.0.12 ----

Thread: wintest.exe\startup PROBLEM HELP!!!!

Thread Tools

Display

Threaded View

Thread Information

Users Browsing this Thread

Posting Permissions