Slow computer, firefox crashes

**deskjet** · 08.11.2008, 17:45

8.11.2008 16:38:07 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
8.11.2008 16:38:07 System Restore: enabled
8.11.2008 16:38:08 1.1 Searching for user-mode API hooks
8.11.2008 16:38:08 Analysis: kernel32.dll, export table found in section .text
8.11.2008 16:38:08 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
8.11.2008 16:38:08 Hook kernel32.dll:CreateProcessA (99) blocked
8.11.2008 16:38:08 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
8.11.2008 16:38:08 Hook kernel32.dll:CreateProcessW (103) blocked
8.11.2008 16:38:08 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ABDE->61F041FC
8.11.2008 16:38:08 Hook kernel32.dll:FreeLibrary (241) blocked
8.11.2008 16:38:08 Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B4CF->61F040FB
8.11.2008 16:38:08 Hook kernel32.dll:GetModuleFileNameA (372) blocked
8.11.2008 16:38:08 Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B3D5->61F041A0
8.11.2008 16:38:08 Hook kernel32.dll:GetModuleFileNameW (373) blocked
8.11.2008 16:38:08 Function kernel32.dll:GetProcAddress (40

intercepted, method ProcAddressHijack.GetProcAddress ->7C80ADA0->61F04648
8.11.2008 16:38:08 Hook kernel32.dll:GetProcAddress (40

blocked
8.11.2008 16:38:08 Function kernel32.dll

oadLibraryA (57

intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
8.11.2008 16:38:08 Hook kernel32.dll

oadLibraryA (57

blocked
8.11.2008 16:38:08 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
8.11.2008 16:38:08 Function kernel32.dll

oadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
8.11.2008 16:38:08 Hook kernel32.dll

oadLibraryExA (579) blocked
8.11.2008 16:38:08 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
8.11.2008 16:38:08 Function kernel32.dll

oadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
8.11.2008 16:38:08 Hook kernel32.dll

oadLibraryExW (580) blocked
8.11.2008 16:38:08 Function kernel32.dll

oadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE4B->61F03D0C
8.11.2008 16:38:08 Hook kernel32.dll

oadLibraryW (581) blocked
8.11.2008 16:38:08 IAT modification detected: GetModuleFileNameW - 00C20010<>7C80B3D5
8.11.2008 16:38:08 Analysis: ntdll.dll, export table found in section .text
8.11.2008 16:38:08 Analysis: user32.dll, export table found in section .text
8.11.2008 16:38:08 Analysis: advapi32.dll, export table found in section .text
8.11.2008 16:38:08 Analysis: ws2_32.dll, export table found in section .text
8.11.2008 16:38:09 Analysis: wininet.dll, export table found in section .text
8.11.2008 16:38:09 Analysis: rasapi32.dll, export table found in section .text
8.11.2008 16:38:09 Analysis: urlmon.dll, export table found in section .text
8.11.2008 16:38:09 Analysis: netapi32.dll, export table found in section .text
8.11.2008 16:38:09 1.2 Searching for kernel-mode API hooks
8.11.2008 16:38:10 Driver loaded successfully
8.11.2008 16:38:10 SDT found (RVA=083120)
8.11.2008 16:38:10 Kernel ntoskrnl.exe found in memory at address 804D7000
8.11.2008 16:38:10 SDT = 8055A120
8.11.2008 16:38:10 KiST = 804E26A8 (284)
8.11.2008 16:38:10 Function NtAlertResumeThread (0C) intercepted (8062F288->8519BC8

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtAlertThread (0D) intercepted (8057A8B8->8519BD6

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtAllocateVirtualMemory (11) intercepted (8056897D->851CFCB

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtConnectPort (1F) intercepted (8058BC70->8522D19

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtCreateKey (29) intercepted (80570647->F5944EB0), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtCreateMutant (2B) intercepted (805748CF->8519B9D

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtCreateThread (35) intercepted (8057BE6A->851CFE10), hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtDebugActiveProcess (39) intercepted (8065A585->8519B65

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtDeleteKey (3F) intercepted (805956DA->F5945130), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtDeleteValueKey (41) intercepted (805940B0->F5945690), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtEnumerateKey (47) intercepted (80570D4E->F7479A92), hook C:\WINDOWS\system32\Drivers\sptd.sys
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtEnumerateValueKey (49) intercepted (8057E296->F7479E20), hook C:\WINDOWS\system32\Drivers\sptd.sys
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtFreeVirtualMemory (53) intercepted (805692A8->851CFB1

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtImpersonateAnonymousToken (59) intercepted (805973FD->8519BAC

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtImpersonateThread (5B) intercepted (8057E8B9->8519BBA

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtMapViewOfSection (6C) intercepted (805781F1->851CFA3

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtOpenEvent (72) intercepted (8057EC53->8519B8F

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtOpenKey (77) intercepted (805686DB->F7474090), hook C:\WINDOWS\system32\Drivers\sptd.sys
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtOpenProcessToken (7B) intercepted (8056C3FE->851CF05

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtOpenSection (7D) intercepted (805740EF->8519B73

, hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtOpenThreadToken (81) intercepted (8056BE9B->851CF810), hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtQueryKey (A0) intercepted (80570A57->F7479EF

, hook C:\WINDOWS\system32\Drivers\sptd.sys
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtQueryValueKey (B1) intercepted (8056CCA6->F7479D7

, hook C:\WINDOWS\system32\Drivers\sptd.sys
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtResumeThread (CE) intercepted (8057C4DD->851B7760), hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:10 Function NtSetContextThread (D5) intercepted (8062D5E7->851CF750), hook not defined
8.11.2008 16:38:10 >>> Function restored successfully !
8.11.2008 16:38:10 >>> Hook code blocked
8.11.2008 16:38:11 Function NtSetInformationProcess (E4) intercepted (8056C10A->851CF8E0), hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtSetInformationThread (E5) intercepted (8057218B->851CF680), hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtSetValueKey (F7) intercepted (80579D5F->F59458E0), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtSuspendProcess (FD) intercepted (8062F1CD->8519B81

, hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtSuspendThread (FE) intercepted (805E05D5->8519BEB0), hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtTerminateProcess (101) intercepted (80584CB9->850FE1F

, hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtTerminateThread (102) intercepted (8057B583->8519BF90), hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtUnmapViewOfSection (10B) intercepted (80577D76->8519005

, hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:11 Function NtWriteVirtualMemory (115) intercepted (8057E6A2->851CFBE

, hook not defined
8.11.2008 16:38:11 >>> Function restored successfully !
8.11.2008 16:38:11 >>> Hook code blocked
8.11.2008 16:38:12 Functions checked: 284, intercepted: 34, restored: 34
8.11.2008 16:38:12 1.3 Checking IDT and SYSENTER
8.11.2008 16:38:12 Analysis for CPU 1
8.11.2008 16:38:12 Checking IDT and SYSENTER - complete
8.11.2008 16:38:12 1.4 Searching for masking processes and drivers
8.11.2008 16:38:12 Checking not performed: extended monitoring driver (AVZPM) is not installed
8.11.2008 16:38:12 Driver loaded successfully
8.11.2008 16:38:12 1.5 Checking of IRP handlers
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_CREATE] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_CLOSE] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_WRITE] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_EA] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 857471E8 -> hook not defined
8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_PNP] = 857471E8 -> hook not defined
8.11.2008 16:38:13 Checking - complete
8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: TermService (Päätepalvelut)
8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: SSDPSRV (SSDP-palvelu (Simple Service Discovery Protocol))
8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: Schedule (Tehtävien ajoitus)
8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting etätyöpöydän jakaminen)
8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: RDSessMgr (Etätyöpöydän ohjeen istunnonhallinta)
8.11.2008 16:38:36 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
8.11.2008 16:38:36 >> Security: disk drives' autorun is enabled
8.11.2008 16:38:36 >> Security: administrative shares (C$, D$ ...) are enabled
8.11.2008 16:38:36 >> Security: anonymous user access is enabled
8.11.2008 16:38:37 >> Security: sending Remote Assistant queries is enabled
8.11.2008 16:38:42 >> Disable HDD autorun
8.11.2008 16:38:42 >> Disable autorun from network drives
8.11.2008 16:38:42 >> Disable CD/DVD autorun
8.11.2008 16:38:42 >> Disable removable media autorun
8.11.2008 16:38:42 System Analysis in progress
8.11.2008 16:40:15 System Analysis - complete
8.11.2008 16:40:15 Delete file:C:\Documents and Settings\Kribe\Työpöytä\Kaspersky Lab Tool\is-LCN6J\LOG\avptool_syscheck.htm
8.11.2008 16:40:15 Delete file:C:\Documents and Settings\Kribe\Työpöytä\Kaspersky Lab Tool\is-LCN6J\LOG\avptool_syscheck.xml
8.11.2008 16:40:15 Deleting service/driver: uti5ota4
8.11.2008 16:40:15 Delete file:C:\WINDOWS\system32\Drivers\uti5ota4.sys
8.11.2008 16:40:15 Deleting service/driver: uji5ota4
8.11.2008 16:40:15 Script executed without errors

**RiC** · 08.11.2008, 20:01

8.11.2008 16:38:07 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
8.11.2008 16:38:07 System Restore: enabled
8.11.2008 16:38:08 1.1 Searching for user-mode API hooks
...

It a wrong log file, you need attach avptool_syscheck.zip to message.