
Multiple malware


  • This topic is locked
12 replies to this topic

#1 sullyj3


Posted 16 June 2010 - 06:21 AM

I have many problems on my computer. I'll try to be as complete and accurate as possible, but I'm likely to forget a few things. I'm using a Compaq Presario notebook running Windows 7.

I'm unable to use Windows Update.
I am often redirected to different advertising websites when clicking results in search engines.
I often get various error messages (the contents of which I'll post as they come up).

I ran GMER and DDS as instructed in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

Here are the logs. First, DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 19:43:58.13 on Wed 16/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2109 [GMT 10:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\PROGRA~1\Stardock\WINDOW~1\VistaSrv.exe
C:\PROGRA~1\Stardock\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Program Files\Avast5\avastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\James\Desktop\dds.scr
C:\Program Files\Winamp\Elevator.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avast5\defs\10061400\Sf.bin
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
uSearch Page = ${URL_SEARCHPAGE}
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
mURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
uRun: [Google Update] "c:\users\james\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Grayimanites] rundll32.exe "c:\users\james\appdata\local\KBDapox2.dll",Startup
uRun: [M5T8QL3YW3] c:\users\james\appdata\local\temp\Rh0.exe
uRun: [Lpidon] rundll32.exe "c:\users\james\appdata\local\awimusigegobe.dll",Startup
uRun: [Startup] c:\users\james\appdata\roaming\microsoft\svchost.exe
uRun: [iSnooze] c:\program files\isnooze\iSnooze.exe
uRun: [StartServiceCBDAAKHP] c:\users\james\appdata\local\cbdaakhp\StartService.exe
uRun: [QZAIB7KITK] c:\windows\Rbotoa.exe
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [cftmon] c:\windows\system32\qwmnp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
dRunOnce: [<NO NAME>]
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi3dfc~1\office11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 93.188.164.13,93.188.166.114
TCP: {E5CCD1AF-4579-4179-B770-F8FDCCE5E06C} = 93.188.164.13,93.188.166.114
TCP: {FB9D2171-9150-49B8-B95E-5FF3FB0801A1} = 93.188.164.13,93.188.166.114
TCP: 46C696E6B613 = 93.188.164.13,93.188.166.114
Notify: WBSrv - c:\program files\stardock\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\iconpackager\iprepair.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\deskscapes3\deskscapes.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\pmdiosg2.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\users\james\appdata\roaming\mozilla\firefox\profiles\pmdiosg2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\james\appdata\roaming\mozilla\firefox\profiles\pmdiosg2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\james\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-16 164048]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-10-20 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-16 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-16 51792]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-20 167936]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-20 28344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-20 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 USBTINSP;TI-Nspire™ Handheld Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-6-14 123392]

=============== Created Last 30 ================

2010-06-16 09:08:18 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-16 09:08:05 0 d-----w- c:\program files\Avast5
2010-06-16 00:47:50 16501 ----a-w- c:\users\james\.recently-used.xbel
2010-06-14 12:03:24 123392 ----a-w- c:\windows\system32\drivers\tinspusb.sys
2010-06-14 12:03:24 0 d-----w- c:\programdata\RNDIS
2010-06-10 11:30:05 0 d-----w- c:\users\james\appdata\roaming\avidemux
2010-06-10 11:29:56 0 d-----w- c:\program files\Avidemux 2.5
2010-06-10 10:49:25 0 d-----w- c:\program files\t@b
2010-06-10 09:23:36 371 ----a-w- c:\users\james\Videos.scn
2010-06-10 09:16:24 0 d-----w- c:\programdata\Pinnacle VideoSpin
2010-06-10 09:16:24 0 d-----w- c:\program files\PinnacleVideoSpin
2010-06-10 09:16:24 0 d-----w- c:\program files\Pinnacle
2010-06-10 09:16:24 0 d-----w- c:\program files\common files\Yahoo!
2010-06-10 09:15:15 0 d-----w- c:\programdata\Pinnacle
2010-06-08 12:37:12 0 d-----w- c:\programdata\Last.fm
2010-06-08 12:36:23 0 d-----w- c:\program files\Last.fm
2010-06-04 02:26:55 0 d-----w- c:\programdata\CCP
2010-06-04 02:26:55 0 d-----w- c:\program files\CCP
2010-06-03 00:52:52 0 d-----w- c:\program files\Sauerbraten
2010-06-03 00:32:18 0 d-----w- c:\program files\The Ur-Quan Masters
2010-06-02 10:50:50 0 d-----w- c:\program files\Digital Catholic Bible
2010-06-02 10:49:01 0 d-----w- c:\users\james\appdata\roaming\uqm
2010-05-31 10:29:16 0 d-----w- c:\program files\Boundless Ocean (2005)
2010-05-31 10:28:27 3027326 ----a-w- c:\program files\BoundlessOcean.zip
2010-05-31 09:08:01 0 d-----w- c:\users\james\appdata\roaming\Sahmon Games
2010-05-31 09:07:48 0 d-----w- c:\program files\MyPlayCity.com
2010-05-31 09:00:10 0 d-----w- c:\program files\Star Defender 4
2010-05-26 06:06:15 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-23 00:35:56 0 d-----w- c:\program files\ToggleEN
2010-05-20 00:06:56 0 d-----w- c:\programdata\PopCap Games
2010-05-18 00:55:41 0 dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-05-18 00:44:27 0 dc-h--w- c:\programdata\{03B3EED6-BE84-4EE0-AB1E-BF091841DA15}

==================== Find3M ====================

2010-06-08 01:39:06 20192256 ----a-w- c:\windows\system32\imageres.dll
2010-05-05 03:08:07 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-03 23:15:00 363328 ----a-w- c:\windows\fonts\TOY_S__.TTF
2010-05-03 23:13:50 1052076 ----a-w- c:\windows\fonts\StAndrew.ttf
2010-05-03 23:10:52 28716 ----a-w- c:\windows\fonts\Mostwasted.ttf
2010-05-02 09:57:04 373248 ----a-w- c:\windows\system32\qwmnp.exe
2010-04-19 08:30:16 75 ----a-w- c:\users\james\jagex_runescape_preferences2.dat
2010-04-19 08:30:16 41 ----a-w- c:\users\james\jagex_runescape_preferences.dat
2010-04-19 02:50:54 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-19 02:50:54 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-18 00:03:59 0 ----a-w- c:\users\james\jagex__preferences3.dat
2010-04-08 04:25:00 197396 ----a-w- c:\windows\fonts\BrainDamage.ttf
2010-03-01 06:42:11 3426443 ----a-w- c:\program files\InstallFreeRARExtractFrog.exe
2010-03-01 05:34:01 18234256 ----a-w- c:\program files\gimp-2.6.8-i686-setup.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-28 01:53:43 204268200 ----a-w- c:\program files\TI-NspireCAS.exe
2005-08-27 07:26:00 1581056 ----a-w- c:\program files\SAFlashPlayer.exe
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:45:47.66 ===============

And now GMER (ARK.txt):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 20:49:45
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\James\AppData\Local\Temp\fflyrfob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C34F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C351A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9CF9EAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x9CF9E8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x9CF9EA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C94599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82DF2279 7 Bytes JMP 9CF9EA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E59FA7 5 Bytes JMP 9CF9A536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E73CA7 5 Bytes JMP 9CF9BF28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E81D23 7 Bytes JMP 9CF9E8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F2BEAA 7 Bytes JMP 9CF9EACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C40000, 0x2D5046, 0xE8000020]
.text peauth.sys 9CE1FC9D 28 Bytes [8F, 22, 3A, 6A, DF, AB, F3, ...]
.text peauth.sys 9CE1FCC1 28 Bytes [8F, 22, 3A, 6A, DF, AB, F3, ...]
PAGE peauth.sys 9CE25B9B 72 Bytes [A0, 04, 0E, 46, D0, 63, 9E, ...]
PAGE peauth.sys 9CE25BEC 111 Bytes [2E, 0B, AA, A4, BE, 5B, B3, ...]
PAGE peauth.sys 9CE2602C 102 Bytes [C7, F5, 51, FB, F7, B4, 94, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Winamp\Elevator.exe[880] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\Elevator.exe[880] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[884] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] KERNEL32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1252] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\atieclxx.exe[1268] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory 77DA5360 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtWriteVirtualMemory 77DA5EE0 5 Bytes JMP 0037000A
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!KiUserExceptionDispatcher 77DA6448 5 Bytes JMP 0035000A
.text C:\Windows\system32\svchost.exe[1464] ole32.dll!CoCreateInstance 762657FC 5 Bytes JMP 00DC000A
.text C:\Windows\system32\wuauclt.exe[2056] ntdll.dll!NtProtectVirtualMemory 77DA5360 5 Bytes JMP 0024000A
.text C:\Windows\system32\wuauclt.exe[2056] ntdll.dll!NtWriteVirtualMemory 77DA5EE0 5 Bytes JMP 0025000A
.text C:\Windows\system32\wuauclt.exe[2056] ntdll.dll!KiUserExceptionDispatcher 77DA6448 5 Bytes JMP 0023000A
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[2056] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] ntdll.dll!NtProtectVirtualMemory 77DA5360 5 Bytes JMP 0026000A
.text C:\Program Files\Opera\opera.exe[2304] ntdll.dll!NtWriteVirtualMemory 77DA5EE0 5 Bytes JMP 0027000A
.text C:\Program Files\Opera\opera.exe[2304] ntdll.dll!KiUserExceptionDispatcher 77DA6448 5 Bytes JMP 0015000A
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!DrawIconEx 77CA4C5D 5 Bytes JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!GetIconInfo 77CA4FA4 5 Bytes JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2304] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] ntdll.dll!NtProtectVirtualMemory 77DA5360 5 Bytes JMP 0017000A
.text C:\Windows\Explorer.EXE[2464] ntdll.dll!NtWriteVirtualMemory 77DA5EE0 5 Bytes JMP 0018000A
.text C:\Windows\Explorer.EXE[2464] ntdll.dll!KiUserExceptionDispatcher 77DA6448 5 Bytes JMP 0016000A
.text C:\Windows\Explorer.EXE[2464] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 053B1040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Windows\Explorer.EXE[2464] USER32.dll!DrawIconEx 77CA4C5D 5 Bytes JMP 053B11E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Windows\Explorer.EXE[2464] USER32.dll!GetIconInfo 77CA4FA4 5 Bytes JMP 053B1120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Windows\Explorer.EXE[2464] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2464] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[2588] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Opera\opera.exe[2672] ntdll.dll!NtProtectVirtualMemory 77DA5360 5 Bytes JMP 003A000A
.text C:\Program Files\Opera\opera.exe[2672] ntdll.dll!NtWriteVirtualMemory 77DA5EE0 5 Bytes JMP 003B000A
.text C:\Program Files\Opera\opera.exe[2672] ntdll.dll!KiUserExceptionDispatcher 77DA6448 5 Bytes JMP 0039000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 01981040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!DrawIconEx 77CA4C5D 5 Bytes JMP 019811E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!GetIconInfo 77CA4FA4 5 Bytes JMP 01981120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\IDT\WDM\sttray.exe[2852] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\QuickPlay\QPService.exe[2864] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\James\Desktop\gmer\gmer.exe[2888] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2940] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] KERNEL32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2968] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3032] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[3072] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] KERNEL32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3100] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3128] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winampa.exe[3216] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\CursorFX\CursorFX.exe[3288] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3304] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4072] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 020C45CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 020F71C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 020F74C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 020F6AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 020F760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 020F779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 020C2C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 020C2C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avast5\avastUI.exe[4132] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 020F7316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] kernel32.dll!SetUnhandledExceptionFilter 764C3142 5 Bytes JMP 5C9E5436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 01EE1040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!DrawIconEx 77CA4C5D 5 Bytes JMP 01EE11E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!GetIconInfo 77CA4FA4 5 Bytes JMP 01EE1120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4172] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!SetScrollRange 77C9AE3C 5 Bytes JMP 04AAC759 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 04B01040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!DrawIconEx 77CA4C5D 5 Bytes JMP 04B011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!GetIconInfo 77CA4FA4 5 Bytes JMP 04B01120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!GetScrollInfo 77CA5151 7 Bytes JMP 04AAC68B C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!SetScrollInfo 77CA6632 7 Bytes JMP 04AAC703 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!GetScrollRange 77CC1B6C 5 Bytes JMP 04AAC6D8 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!SetScrollPos 77CC1BD0 5 Bytes JMP 04AAC72E C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!GetScrollPos 77CC252B 5 Bytes JMP 04AAC6B3 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!EnableScrollBar 77CC386D 5 Bytes JMP 04AAC663 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!EnableScrollBar + 6 77CC3873 1 Byte [CC] {INT 3 }
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!ShowScrollBar 77CC5785 5 Bytes JMP 04AAC787 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[4436] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] kernel32.dll!VirtualProtect 764B50AB 5 Bytes JMP 660045CC C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 04741040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!DrawIconEx 77CA4C5D 5 Bytes JMP 047411E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!GetIconInfo 77CA4FA4 5 Bytes JMP 04741120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Last.fm\LastFM.exe[5452] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] ntdll.dll!NtProtectVirtualMemory 77DA5360 5 Bytes JMP 0020000A
.text C:\Windows\system32\wuauclt.exe[5484] ntdll.dll!NtWriteVirtualMemory 77DA5EE0 5 Bytes JMP 0021000A
.text C:\Windows\system32\wuauclt.exe[5484] ntdll.dll!KiUserExceptionDispatcher 77DA6448 5 Bytes JMP 001F000A
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!SetWindowPlacement 77C98169 5 Bytes JMP 660371C5 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!MoveWindow 77C9A8C4 5 Bytes JMP 660374C0 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!DeferWindowPos 77C9C338 5 Bytes JMP 66036AF8 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!SetWindowPos 77CA3581 5 Bytes JMP 6603760F C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!GetWindowRect 77CA7450 5 Bytes JMP 6603779B C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!EndPaint 77CA7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!BeginPaint 77CA7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\wuauclt.exe[5484] USER32.dll!GetWindowPlacement 77CC6BD0 5 Bytes JMP 66037316 C:\Program Files\Stardock\WindowBlinds\WBLIND.dll (WindowBlinds/Stardock Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI_HAL \Device\0000007a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86CAEEE4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2af2e9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2af2e9 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109E60090400000000000F01FEC\Usage@ProductNonBootFilesIntl_1033 1020264499
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC\Usage@SpellingAndGrammarFiles_1033 1020271066
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:06 PM

Posted 18 June 2010 - 10:05 AM

Hi sullyj3,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If the issue is not resolved please update me on the current condition of your computer.

#3 sullyj3


Posted 20 June 2010 - 03:22 AM

Sure, thanks. No changes. Got it.

#4 Farbar


Posted 20 June 2010 - 10:17 AM

If the issue is not resolved please update me on the current condition of your computer.


#5 sullyj3


Posted 21 June 2010 - 04:23 AM

The error messages are:

There was a problem starting
C:\Users\James\AppData\Local\KBDapox2.dll

The specified module could not be found.

[and]

There was a problem starting
C:\Users\James\AppData\Local\awimusigegobe.dll

The specified module could not be found.

#6 Farbar


Posted 21 June 2010 - 07:51 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#7 sullyj3


Posted 22 June 2010 - 05:14 AM

I downloaded ComboFix and ran it, but after the loading bar finished it vanished and nothing happened. I tried the other two download mirrors, but the same thing happened.

#8 sullyj3


Posted 22 June 2010 - 05:17 AM

Aaah. DW, just forgot to disable Avast.

#9 Farbar


Posted 22 June 2010 - 05:25 AM

You need to disable your Avast Antivirus before running ComboFix.
  • Open Avast.
  • In the avast! settings... window, select Troubleshooting.
  • Check avast! self-defense module.
  • Click OK.


#10 sullyj3


Posted 22 June 2010 - 05:39 AM

Oh. Does it matter that I already disabled it a different way before you said that? Anyway, CF seems to have worked. Here's the log:


ComboFix 10-06-21.01 - James 22/06/2010 20:26:03.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3580.2730 [GMT 10:00]
Running from: c:\users\James\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Game Maker 7.0\Uninstal.exe
c:\users\James\AppData\Local\{BBC68202-13BE-4E41-906F-22C49D9F4128}
c:\users\James\AppData\Local\{BBC68202-13BE-4E41-906F-22C49D9F4128}\chrome.manifest
c:\users\James\AppData\Local\{BBC68202-13BE-4E41-906F-22C49D9F4128}\chrome\content\_cfg.js
c:\users\James\AppData\Local\{BBC68202-13BE-4E41-906F-22C49D9F4128}\chrome\content\overlay.xul
c:\users\James\AppData\Local\{BBC68202-13BE-4E41-906F-22C49D9F4128}\install.rdf
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 10:16 . 2010-06-22 10:17 -------- d-----w- C:\32788R22FWJFW
2010-06-21 09:58 . 2010-06-21 09:58 -------- d-----w- c:\users\James\AppData\Local\Mesa_Dynamics,_LLC
2010-06-21 09:42 . 2010-06-21 09:42 -------- d-----w- c:\program files\Mesa Dynamics, LLC
2010-06-21 09:36 . 2010-06-21 09:58 -------- d-----w- c:\programdata\Chit Chat For Facebook
2010-06-21 09:36 . 2010-06-21 09:36 -------- d-----w- c:\program files\Chit Chat For Facebook
2010-06-20 09:37 . 2010-06-20 09:37 -------- d-----w- c:\users\Experimental\AppData\Roaming\Texas Instruments
2010-06-20 09:35 . 2010-06-20 09:35 -------- d-----w- c:\users\Experimental\AppData\Local\Opera
2010-06-20 03:37 . 2010-06-20 03:37 -------- d-----w- c:\users\James\AppData\Local\IsolatedStorage
2010-06-19 05:11 . 2004-12-20 02:55 1900624 ----a-w- c:\program files\VisualBoyAdvance.exe
2010-06-19 03:42 . 2010-06-19 03:47 -------- d-----w- c:\program files\Worms Armageddon
2010-06-19 03:35 . 2010-06-19 03:35 -------- d-----w- c:\program files\Team17
2010-06-16 09:08 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-16 09:08 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-16 09:08 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-16 09:08 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-16 09:08 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-16 09:08 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-16 09:08 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-16 09:08 . 2010-06-16 09:08 -------- d-----w- c:\program files\Avast5
2010-06-14 04:36 . 2010-06-14 04:36 -------- d-----w- c:\users\Judith\AppData\Roaming\Stardock
2010-06-10 11:30 . 2010-06-10 11:32 -------- d-----w- c:\users\James\AppData\Roaming\avidemux
2010-06-10 11:29 . 2010-06-10 11:30 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-10 10:49 . 2010-06-10 10:49 -------- d-----w- c:\program files\t@b
2010-06-10 09:16 . 2010-06-10 09:18 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2010-06-10 09:16 . 2010-06-10 09:16 -------- d-----w- c:\program files\PinnacleVideoSpin
2010-06-10 09:16 . 2010-06-10 09:16 -------- d-----w- c:\program files\Pinnacle
2010-06-10 09:16 . 2010-06-10 09:16 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-06-10 09:15 . 2010-06-10 09:15 -------- d-----w- c:\programdata\Pinnacle
2010-06-10 09:15 . 2010-06-10 09:15 -------- d-----w- c:\users\James\AppData\Local\Downloaded Installations
2010-06-08 12:37 . 2010-06-08 12:37 53 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2010-06-08 12:37 . 2010-06-08 12:37 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWA\unins000.exe
2010-06-08 12:37 . 2010-06-08 12:37 -------- d-----w- c:\programdata\Last.fm
2010-06-08 12:36 . 2010-06-22 10:16 -------- d-----w- c:\users\James\AppData\Local\Last.fm
2010-06-08 12:36 . 2010-06-08 12:36 -------- d-----w- c:\program files\Last.fm
2010-06-04 02:26 . 2010-06-04 02:26 -------- d-----w- c:\programdata\CCP
2010-06-04 02:26 . 2010-06-04 02:26 -------- d-----w- c:\program files\CCP
2010-06-03 00:52 . 2010-06-03 00:54 -------- d-----w- c:\program files\Sauerbraten
2010-06-03 00:32 . 2010-06-03 00:42 -------- d-----w- c:\program files\The Ur-Quan Masters
2010-06-02 10:50 . 2010-06-02 10:50 -------- d-----w- c:\program files\Digital Catholic Bible
2010-06-02 10:49 . 2010-06-03 03:54 -------- d-----w- c:\users\James\AppData\Roaming\uqm
2010-05-31 10:29 . 2010-05-31 10:29 -------- d-----w- c:\program files\Boundless Ocean (2005)
2010-05-31 10:28 . 2010-05-31 08:21 3027326 ----a-w- c:\program files\BoundlessOcean.zip
2010-05-31 09:08 . 2010-05-31 09:08 -------- d-----w- c:\users\James\AppData\Roaming\Sahmon Games
2010-05-31 09:07 . 2010-05-31 10:39 -------- d-----w- c:\program files\MyPlayCity.com
2010-05-31 09:00 . 2010-06-02 02:14 -------- d-----w- c:\program files\Star Defender 4
2010-05-28 08:44 . 2010-05-28 08:44 -------- dc-h--w- c:\users\James\AppData\Local\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2010-05-26 06:06 . 2006-10-26 09:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-05-26 06:06 . 2006-10-26 09:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-24 11:39 . 2010-05-24 11:39 131584 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Winter Snow {06BBDA24-46A2-4968-8A26-789601269427}\WinterSnow64.dll
2010-05-24 11:39 . 2010-05-24 11:39 126976 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Winter Snow {06BBDA24-46A2-4968-8A26-789601269427}\WinterSnow32.dll
2010-05-24 11:38 . 2010-05-24 11:38 259888 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Water Dream {40FC92D4-8FCB-4FD1-A502-B886521589D4}\water64.dll
2010-05-24 11:38 . 2010-05-24 11:38 206128 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Water Dream {40FC92D4-8FCB-4FD1-A502-B886521589D4}\water32.dll
2010-05-24 03:15 . 2010-05-24 03:15 -------- d-----w- c:\users\Experimental\AppData\Roaming\Stardock
2010-05-24 03:15 . 2010-05-24 03:16 -------- d-----w- c:\users\Experimental\AppData\Roaming\Babylon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 07:30 . 2010-03-23 09:01 -------- d-----w- c:\users\James\AppData\Roaming\LimeWire
2010-06-20 09:30 . 2010-04-09 00:36 136320 ----a-w- c:\users\Experimental\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-16 09:08 . 2010-05-02 10:14 -------- d-----w- c:\programdata\Alwil Software
2010-06-16 00:47 . 2010-01-28 13:30 -------- d-----w- c:\users\James\AppData\Roaming\gtk-2.0
2010-06-14 12:04 . 2010-01-28 06:43 -------- d-----w- c:\users\James\AppData\Roaming\Texas Instruments
2010-06-14 12:04 . 2010-01-28 06:42 -------- d-----w- c:\program files\TI Education
2010-06-14 12:03 . 2010-06-14 12:03 -------- d-----w- c:\programdata\RNDIS
2010-06-14 12:03 . 2010-01-28 06:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-10 09:18 . 2010-01-27 07:51 136320 ----a-w- c:\users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 01:39 . 2009-07-13 23:42 20192256 ----a-w- c:\windows\system32\imageres.dll
2010-06-02 23:31 . 2010-04-17 04:35 -------- d-----w- c:\program files\Guitar Pro 6
2010-06-02 08:39 . 2009-08-16 22:22 -------- d-----w- c:\programdata\Microsoft Help
2010-05-28 10:53 . 2010-02-08 13:52 -------- d-----w- c:\users\James\AppData\Roaming\Skype
2010-05-28 08:15 . 2010-05-17 06:00 -------- d-----w- c:\program files\Stardock
2010-05-23 00:35 . 2010-05-23 00:35 -------- d-----w- c:\program files\ToggleEN
2010-05-20 00:06 . 2010-05-20 00:06 -------- d-----w- c:\programdata\PopCap Games
2010-05-18 06:13 . 2010-04-03 02:37 -------- d-----w- c:\program files\Common Files\Steam
2010-05-18 00:55 . 2010-05-18 00:55 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-05-18 00:44 . 2010-05-18 00:44 -------- dc-h--w- c:\programdata\{03B3EED6-BE84-4EE0-AB1E-BF091841DA15}
2010-05-17 08:24 . 2010-05-17 08:24 -------- d-----w- c:\programdata\Age of Empires 3 YPack Trial
2010-05-17 08:22 . 2009-08-16 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-17 08:21 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-05-17 07:52 . 2010-05-17 07:52 126792 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Desktop Earth {EB1EDBF1-3A47-4C74-8E89-21100F91B395}\DesktopEarth64.dll
2010-05-17 07:52 . 2010-05-17 07:52 120136 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Desktop Earth {EB1EDBF1-3A47-4C74-8E89-21100F91B395}\DesktopEarth32.dll
2010-05-17 07:52 . 2010-05-17 07:52 93184 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Desktop Slideshow {C532A024-329D-4C2D-81CF-AFE381DF4D82}\slideshow64.dll
2010-05-17 07:52 . 2010-05-17 07:52 90112 ----a-w- c:\programdata\Stardock\DeskScapes\ExtractedData\Desktop Slideshow {C532A024-329D-4C2D-81CF-AFE381DF4D82}\slideshow32.dll
2010-05-17 07:51 . 2010-05-17 07:51 -------- dc-h--w- c:\programdata\{B767CDF4-2709-4263-A017-35191D1BF499}
2010-05-17 07:51 . 2010-05-17 07:51 -------- d-----w- c:\programdata\Stardock
2010-05-17 07:16 . 2010-05-17 07:16 -------- d-----w- c:\program files\Common Files\Stardock
2010-05-17 06:00 . 2010-05-17 06:00 -------- d-----w- c:\users\James\AppData\Roaming\Stardock
2010-05-17 06:00 . 2010-05-17 06:00 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-05-16 11:18 . 2010-05-16 11:18 -------- d-----w- c:\program files\warning forever
2010-05-16 11:12 . 2010-05-16 11:12 -------- d-----w- c:\program files\icytower1.4
2010-05-14 11:00 . 2010-05-11 11:07 -------- d-----w- c:\program files\MediaMonkey
2010-05-13 23:31 . 2009-08-16 23:09 -------- d-----w- c:\programdata\CyberLink
2010-05-13 10:45 . 2010-05-13 10:45 -------- d-----w- c:\program files\YouTube Downloader
2010-05-13 10:36 . 2010-05-13 10:35 -------- d-----w- c:\program files\WinampWecker
2010-05-12 12:22 . 2010-05-12 06:17 -------- d-----w- c:\users\James\AppData\Roaming\Winamp
2010-05-12 11:05 . 2010-04-23 01:18 -------- d-----w- c:\program files\Halo
2010-05-12 06:19 . 2010-05-12 06:17 -------- d-----w- c:\program files\Winamp
2010-05-12 06:17 . 2010-05-12 06:17 -------- d-----w- c:\program files\Winamp Detect
2010-05-12 06:17 . 2010-05-12 06:17 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-11 11:53 . 2010-01-28 12:11 -------- d-----w- c:\program files\Common Files\Apple
2010-05-08 22:04 . 2010-05-08 22:04 -------- d-----w- c:\users\James\AppData\Roaming\Binary Fortress Software
2010-05-08 22:04 . 2010-05-08 22:04 -------- d-----w- c:\program files\iTunes Sync
2010-05-08 06:58 . 2010-01-30 04:16 -------- d-----w- c:\users\Judith\AppData\Roaming\Apple Computer
2010-05-08 06:46 . 2010-01-30 04:16 126864 ----a-w- c:\users\Judith\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-08 06:37 . 2010-05-08 06:37 -------- d-----w- c:\program files\Alarm Clock
2010-05-08 06:32 . 2010-05-08 06:32 -------- d-----w- c:\program files\Crayon Room
2010-05-05 11:54 . 2010-04-10 04:56 -------- d-----w- c:\program files\The Dark Legions
2010-05-05 11:51 . 2010-04-06 10:38 -------- d-----w- c:\program files\InterActual
2010-05-05 09:28 . 2010-05-05 09:24 -------- d-----w- c:\program files\Professor Fizzwizzle
2010-05-05 07:16 . 2010-05-05 07:16 388096 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-05 06:41 . 2010-04-15 12:29 -------- d-----w- c:\program files\Opera
2010-05-05 03:08 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-04 23:23 . 2010-05-02 09:58 0 ----a-w- c:\users\James\AppData\Local\Avebup.bin
2010-05-04 13:48 . 2010-05-04 13:48 -------- d-----w- c:\users\James\AppData\Roaming\fretsonfire
2010-05-04 13:48 . 2010-05-04 13:48 -------- d-----w- c:\program files\Frets on Fire
2010-05-04 11:07 . 2010-05-04 11:07 -------- d-----w- c:\program files\magebane2
2010-05-04 10:49 . 2010-05-04 10:48 -------- d-----w- c:\program files\AssaultCube_v1.0
2010-05-03 09:23 . 2010-05-03 09:23 -------- d-----w- c:\program files\Fighter Ace Anniversary Edition
2010-05-03 09:23 . 2010-05-02 09:58 120 ----a-w- c:\users\James\AppData\Local\Aqoweq.dat
2010-05-02 10:41 . 2009-08-16 21:38 -------- d-----w- c:\programdata\Norton
2010-05-02 10:14 . 2010-05-02 10:14 -------- d-----w- c:\program files\Alwil Software
2010-05-02 10:08 . 2009-08-16 22:11 -------- d-----w- c:\program files\Symantec
2010-05-02 09:57 . 2010-05-02 09:56 373248 ----a-w- c:\windows\system32\qwmnp.exe
2010-05-02 03:50 . 2010-05-02 03:50 -------- d-----w- c:\program files\myBabylon_English
2010-05-02 03:50 . 2010-05-02 03:50 -------- d-----w- c:\program files\Conduit
2010-04-28 07:12 . 2009-08-16 21:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-28 07:09 . 2009-08-16 22:24 -------- d-----w- c:\program files\Microsoft Works
2010-04-28 07:06 . 2010-04-28 07:06 -------- d-----w- c:\program files\MSXML 4.0
2010-04-26 06:35 . 2009-08-16 22:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-21 02:06 . 2010-05-02 03:50 52224 ----a-w- c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\pmdiosg2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-04-21 02:06 . 2010-05-02 03:50 101376 ----a-w- c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\pmdiosg2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-04-19 08:30 . 2010-04-18 00:03 75 ----a-w- c:\users\James\jagex_runescape_preferences2.dat
2010-04-19 08:30 . 2010-04-09 05:58 41 ----a-w- c:\users\James\jagex_runescape_preferences.dat
2010-04-19 02:50 . 2010-04-11 02:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-19 02:50 . 2010-04-11 02:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-18 00:03 . 2010-04-18 00:03 0 ----a-w- c:\users\James\jagex__preferences3.dat
2010-04-09 05:52 . 2010-03-21 06:14 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-03-01 06:42 . 2010-03-01 06:42 3426443 ----a-w- c:\program files\InstallFreeRARExtractFrog.exe
2010-03-01 05:34 . 2010-03-01 05:34 18234256 ----a-w- c:\program files\gimp-2.6.8-i686-setup.exe
2009-05-28 01:53 . 2010-01-28 05:32 204268200 ----a-w- c:\program files\TI-NspireCAS.exe
2005-08-27 07:26 . 2010-02-21 05:09 1581056 ----a-w- c:\program files\SAFlashPlayer.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-04-15 2515552]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-04-15 02:33 2515552 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-04-15 02:33 2515552 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 06:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-04-15 2515552]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-04-15 2515552]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-15 136176]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2010-01-27 256280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 148888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-17 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-02-02 04:33 230704 ----a-w- c:\program files\Stardock\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 USBTINSP;TI-Nspire™ Handheld Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2008-12-05 123392]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 28344]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361839246-3054844468-2001830804-1001Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 12:41]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361839246-3054844468-2001830804-1001UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 12:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI3DFC~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\pmdiosg2.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\pmdiosg2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\pmdiosg2.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\James\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Grayimanites - c:\users\James\AppData\Local\KBDapox2.dll
HKCU-Run-Lpidon - c:\users\James\AppData\Local\awimusigegobe.dll
HKCU-Run-iSnooze - c:\program files\iSnooze\iSnooze.exe
HKCU-Run-StartServiceCBDAAKHP - c:\users\James\AppData\Local\CBDAAKHP\StartService.exe
HKCU-Run-QZAIB7KITK - c:\windows\Rbotoa.exe
SafeBoot-klmdb.sys
AddRemove-Alien Arena 7.33_is1 - f:\games\Alien Arena 7_33\unins000.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-FruitSmash - c:\program files\Electrotank\Fruit Smash\uninstall.exe
AddRemove-{A9DCC49B-E188-4A4D-8125-5E66121CBA53} - c:\program files\Mesa Dynamics



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82C47000]<< >>UNKNOWN [0x8CB84000]<< >>UNKNOWN [0x8D7B1000]<< >>UNKNOWN [0x8CD10000]<< >>UNKNOWN [0x82C10000]<< >>UNKNOWN [0x8CB04000]<< >>UNKNOWN [0x8CD92000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
DeleteProcedure -> 0x8e206fd0
SecurityProcedure -> 0x85f5fdc0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-22 20:35:41
ComboFix-quarantined-files.txt 2010-06-22 10:35

Pre-Run: 236,490,567,680 bytes free
Post-Run: 238,365,155,328 bytes free

- - End Of File - - E21B9D45AD17F025664BBC2F4E4D6423



It seems to have made too many changes for my liking... any who.

#11 sullyj3

Posted 22 June 2010 - 05:43 AM

The error messages are gone, that seems like a good sign?

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:06 PM

Posted 22 June 2010 - 05:57 AM

It is good but we are not done yet.

We are going to run this special tool.
  • Please download TDSSKiller.exe and save it to your desktop.
  • Run TDSSKiller.exe.
  • When it has finished, press any key to continue.
  • Let it reboot if needed and tell me if it needed a reboot.
  • Also, it makes a txt file in the C:\ directory (like TDSSKiller.2.3.2.0_Date_Time_log.txt). Please attach it to your reply.


#13 Farbar

Posted 27 June 2010 - 11:00 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.



