Redirecting to hazardous site


This topic is locked
18 replies to this topic

#1 imusewindows

Posted 24 February 2011 - 09:54 AM

Hello,
For some time now Opera has been redirecting me to a dangerous site.
When I open web pages (including this forum), Avast blocks the page and displays:
HTML: RedirMe-inf (Trj)
Whereismypeople.com
I do not know what to do, please help. Scans find nothing.

DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 15:59:44,98 on 2011-02-24
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2934.1658 [GMT 1:00]

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Users\User\Desktop\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pl/
uDefault_Page_URL = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-23 301528]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-2 214024]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\AEstSrv.exe [2010-3-7 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-23 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-23 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-23 42184]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-8-23 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-1-7 81920]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-1-5 264248]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-6-15 26168]
R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2010-3-7 506472]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-7 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2010-3-7 29824]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-30 209920]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2010-3-7 73344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-14 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-7 29472]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-2-2 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-2-2 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-2-2 34248]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-10-3 6114816]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-2 181792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-2 249888]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-26 1343400]

=============== Created Last 30 ================

2011-02-23 17:23:34 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:19:22 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 11:38:40 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 11:38:40 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 07:51:12 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e6d876b6-3246-4752-836e-f6d20b6cc0ea}\mpengine.dll
2011-02-21 17:03:51 -------- d-----w- c:\users\user\appdata\local\Adobe
2011-02-21 09:57:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 16:19:51 -------- d-----w- c:\users\user\DoctorWeb
2011-02-15 18:47:06 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-10 14:50:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 14:50:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 08:23:02 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 08:23:01 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 08:23:01 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-02 11:11:17 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-02 11:11:16 -------- d-----w- c:\program files\ffdshow
2011-02-01 18:34:11 -------- d-----w- c:\users\user\AbiSuite
2011-01-31 19:04:02 -------- d-----w- c:\progra~2\eMule
2011-01-31 19:03:47 -------- d-----w- c:\users\user\appdata\local\eMule
2011-01-31 19:03:46 -------- d-----w- c:\program files\eMule
2011-01-31 11:28:28 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-01-31 11:28:23 -------- d-----w- c:\progra~2\Malwarebytes

==================== Find3M ====================

2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-11 14:40:16 98304 ----a-w- c:\users\user\pkcs11wrapper.dll

============= FINISH: 16:01:14,16 ===============

Help :(

I've added the Attach log.

EDIT: Posts merged ~BP

Edited by Budapest, 24 February 2011 - 05:42 PM.
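The DDS output above lists the UAC policy values (mPolicies-system) and the Trusted Zone entries, which are the first things a responder checks in a "Pseudo HJT Report" besides the redirect itself. What follows is an added example for this thread, not code from the post, from DDS, or from BleepingComputer: a small Python triage script that reads those lines in the exact form DDS prints them and flags UAC being switched off and Trusted Zone entries that are a wildcard or not a host name. The sample input is copied from the log above; the Windows 7 default values it compares against are an assumption of the example, not something the post states.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not code from the post, from DDS, or from
BleepingComputer. It reads mPolicies-system and Trusted Zone lines in the
exact form DDS prints them and reports the settings a responder checks
first: UAC switched off and Trusted Zone entries that are not a host name.
"""
import re

# Sample input: lines copied from the DDS log in the post above.
SAMPLE_LOG = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: //about.htm/
Trusted Zone: mcafee.com\\*
Trusted Zone: mcafeeasap.com\\www
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s+(\S+)")

# Windows 7 default values for the UAC keys under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# Assumption of this example (the post does not state them).
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}


def parse_policies(log_text):
    """Return {policy_name: value} for every mPolicies-system line."""
    found = {}
    for line in log_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def parse_trusted_zones(log_text):
    """Return the raw Trusted Zone entries, in log order."""
    zones = []
    for line in log_text.splitlines():
        m = TRUSTED_RE.match(line)
        if m:
            zones.append(m.group(1))
    return zones


def uac_findings(policies):
    """Compare each UAC policy to its Windows 7 default; return finding strings."""
    findings = []
    if policies.get("EnableLUA") == 0:
        # With UAC off an administrator's processes get the full token and
        # IE Protected Mode (which needs UAC) is unavailable, so a drive-by
        # runs with no prompt between it and system32.
        findings.append("EnableLUA=0: UAC disabled; IE Protected Mode unavailable")
    for name, default in UAC_DEFAULTS.items():
        value = policies.get(name)
        if name != "EnableLUA" and value is not None and value != default:
            findings.append(f"{name}={value} (Windows 7 default is {default})")
    return findings


def trusted_zone_findings(zones):
    """Flag wildcard entries (a whole domain trusted) and entries that are a
    file name rather than a host, which no site needs."""
    findings = []
    for zone in zones:
        if "*" in zone:
            findings.append(f"wildcard Trusted Zone entry: {zone}")
        elif zone.startswith("//"):
            findings.append(f"Trusted Zone entry is a file name, not a host: {zone}")
    return findings


def triage(log_text):
    """Run every check over one DDS log and return the findings by section."""
    policies = parse_policies(log_text)
    return {
        "policies": policies,
        "uac": uac_findings(policies),
        "trusted_zone": trusted_zone_findings(parse_trusted_zones(log_text)),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        if section != "policies":
            for item in items:
                print(f"[{section}] {item}")
```

Run it as-is to see the findings for the lines copied above; to use it on a full DDS log, pass the whole file's text to triage(). The policy check only reports keys that actually appear in the log, so a log with no mPolicies-system lines produces no UAC finding rather than a false one.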


#2 imusewindows (Topic Starter)

Posted 25 February 2011 - 09:11 AM

GMER log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-25 15:09:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x905249CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90E17A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90526EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90526F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9052701A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90526E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x90526F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90526E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90526FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x905249EE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90E17B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x905247B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90524A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90527412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x905254AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90526EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90526F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90527044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90526E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90526F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90526E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90526FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90E17BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90525370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90524A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90524A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90524812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9052494E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9052492A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90524972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90524A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90E2C8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E4B589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E70092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82E77824 4 Bytes [CA, 49, 52, 90] {RETF 0x5249; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E7784C 4 Bytes [68, 7A, E1, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82E77900 8 Bytes [AC, 6E, 52, 90, 04, 6F, 52, ...] {LODSB ; OUTSB ; PUSH EDX; NOP ; ADD AL, 0x6f; PUSH EDX; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82E7790C 4 Bytes [1A, 70, 52, 90] {SBB DH, [EAX+0x52]; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82E77928 4 Bytes [02, 6E, 52, 90] {ADD CH, [ESI+0x52]; NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830112CB 5 Bytes JMP 90E2829E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8302B003 5 Bytes JMP 90E29D50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830755CA 4 Bytes CALL 90525E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8307D6A5 4 Bytes CALL 90525E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830E32F4 7 Bytes JMP 90E2C8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text user32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00310120
.text user32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0031006C
.text user32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003100E4
.text user32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00310030
.text user32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003100A8

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\igfxsrvc.exe[124] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\windows\system32\igfxsrvc.exe[124] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\windows\system32\igfxsrvc.exe[124] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\windows\system32\igfxsrvc.exe[124] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\windows\system32\igfxsrvc.exe[124] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\windows\system32\igfxsrvc.exe[124] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\windows\system32\igfxsrvc.exe[124] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00310120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0031006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003100E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00310030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[472] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003100A8
.text C:\windows\system32\wininit.exe[528] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0003006C
.text C:\windows\system32\wininit.exe[528] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00030030
.text C:\windows\system32\wininit.exe[528] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00050120
.text C:\windows\system32\wininit.exe[528] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0005006C
.text C:\windows\system32\wininit.exe[528] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000500E4
.text C:\windows\system32\wininit.exe[528] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00050030
.text C:\windows\system32\wininit.exe[528] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000500A8
.text C:\windows\system32\services.exe[584] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\services.exe[584] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\lsass.exe[600] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\lsass.exe[600] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\lsm.exe[608] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\lsm.exe[608] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[720] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00340120
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0034006C
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003400E4
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00340030
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[808] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003400A8
.text C:\windows\system32\svchost.exe[816] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[816] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[816] user32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\windows\system32\svchost.exe[816] user32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\windows\system32\svchost.exe[816] user32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\windows\system32\svchost.exe[816] user32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\windows\system32\svchost.exe[816] user32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\windows\System32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 000B006C
.text C:\windows\System32\svchost.exe[880] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 000B0030
.text C:\windows\System32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 003F0120
.text C:\windows\System32\svchost.exe[880] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 003F006C
.text C:\windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003F00E4
.text C:\windows\System32\svchost.exe[880] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 003F0030
.text C:\windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003F00A8
.text C:\windows\System32\svchost.exe[912] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\System32\svchost.exe[912] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\System32\svchost.exe[912] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001D0120
.text C:\windows\System32\svchost.exe[912] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001D006C
.text C:\windows\System32\svchost.exe[912] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001D00E4
.text C:\windows\System32\svchost.exe[912] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001D0030
.text C:\windows\System32\svchost.exe[912] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001D00A8
.text C:\windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[948] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00A00120
.text C:\windows\system32\svchost.exe[948] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 00A0006C
.text C:\windows\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 00A000E4
.text C:\windows\system32\svchost.exe[948] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00A00030
.text C:\windows\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 00A000A8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe[988] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\windows\system32\winlogon.exe[1108] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0003006C
.text C:\windows\system32\winlogon.exe[1108] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00030030
.text C:\windows\system32\winlogon.exe[1108] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00050120
.text C:\windows\system32\winlogon.exe[1108] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0005006C
.text C:\windows\system32\winlogon.exe[1108] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000500E4
.text C:\windows\system32\winlogon.exe[1108] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00050030
.text C:\windows\system32\winlogon.exe[1108] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000500A8
.text C:\windows\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00920120
.text C:\windows\system32\svchost.exe[1188] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0092006C
.text C:\windows\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 009200E4
.text C:\windows\system32\svchost.exe[1188] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00920030
.text C:\windows\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 009200A8
.text C:\windows\system32\Hpservice.exe[1240] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 000A006C
.text C:\windows\system32\Hpservice.exe[1240] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 000A0030
.text C:\windows\system32\Hpservice.exe[1240] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00140120
.text C:\windows\system32\Hpservice.exe[1240] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0014006C
.text C:\windows\system32\Hpservice.exe[1240] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001400E4
.text C:\windows\system32\Hpservice.exe[1240] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00140030
.text C:\windows\system32\Hpservice.exe[1240] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001400A8
.text C:\windows\system32\vcsFPService.exe[1312] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\vcsFPService.exe[1312] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\vcsFPService.exe[1312] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\windows\system32\vcsFPService.exe[1312] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\windows\system32\vcsFPService.exe[1312] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\windows\system32\vcsFPService.exe[1312] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\windows\system32\vcsFPService.exe[1312] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\windows\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00270120
.text C:\windows\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0027006C
.text C:\windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002700E4
.text C:\windows\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00270030
.text C:\windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002700A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1468] kernel32.dll!SetUnhandledExceptionFilter 76D93162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\windows\system32\Dwm.exe[1676] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\Dwm.exe[1676] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\Dwm.exe[1676] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 000F0120
.text C:\windows\system32\Dwm.exe[1676] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 000F006C
.text C:\windows\system32\Dwm.exe[1676] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000F00E4
.text C:\windows\system32\Dwm.exe[1676] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 000F0030
.text C:\windows\system32\Dwm.exe[1676] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000F00A8
.text C:\windows\Explorer.EXE[1700] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\Explorer.EXE[1700] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\Explorer.EXE[1700] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00110120
.text C:\windows\Explorer.EXE[1700] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0011006C
.text C:\windows\Explorer.EXE[1700] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001100E4
.text C:\windows\Explorer.EXE[1700] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00110030
.text C:\windows\Explorer.EXE[1700] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001100A8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1804] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00180120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0018006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001800E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00180030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1816] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001800A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1868] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\Users\User\Desktop\gmer.exe[1892] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Users\User\Desktop\gmer.exe[1892] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Users\User\Desktop\gmer.exe[1892] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00310120
.text C:\Users\User\Desktop\gmer.exe[1892] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0031006C
.text C:\Users\User\Desktop\gmer.exe[1892] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003100E4
.text C:\Users\User\Desktop\gmer.exe[1892] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00310030
.text C:\Users\User\Desktop\gmer.exe[1892] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003100A8
.text C:\Windows\System32\igfxtray.exe[1984] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Windows\System32\igfxtray.exe[1984] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Windows\System32\igfxtray.exe[1984] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\Windows\System32\igfxtray.exe[1984] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\Windows\System32\igfxtray.exe[1984] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\Windows\System32\igfxtray.exe[1984] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\Windows\System32\igfxtray.exe[1984] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\Windows\System32\hkcmd.exe[1992] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Windows\System32\hkcmd.exe[1992] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Windows\System32\hkcmd.exe[1992] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00300120
.text C:\Windows\System32\hkcmd.exe[1992] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0030006C
.text C:\Windows\System32\hkcmd.exe[1992] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003000E4
.text C:\Windows\System32\hkcmd.exe[1992] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00300030
.text C:\Windows\System32\hkcmd.exe[1992] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003000A8
.text C:\Windows\System32\igfxpers.exe[2004] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Windows\System32\igfxpers.exe[2004] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\Program Files\IDT\WDM\sttray.exe[2016] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\IDT\WDM\sttray.exe[2016] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\IDT\WDM\sttray.exe[2016] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 002F0120
.text C:\Program Files\IDT\WDM\sttray.exe[2016] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 002F006C
.text C:\Program Files\IDT\WDM\sttray.exe[2016] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002F00E4
.text C:\Program Files\IDT\WDM\sttray.exe[2016] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 002F0030
.text C:\Program Files\IDT\WDM\sttray.exe[2016] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002F00A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2136] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\windows\System32\spoolsv.exe[2176] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\System32\spoolsv.exe[2176] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\System32\spoolsv.exe[2176] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\windows\System32\spoolsv.exe[2176] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\windows\System32\spoolsv.exe[2176] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\windows\System32\spoolsv.exe[2176] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\windows\System32\spoolsv.exe[2176] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\windows\system32\svchost.exe[2204] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[2204] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[2204] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00880120
.text C:\windows\system32\svchost.exe[2204] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0088006C
.text C:\windows\system32\svchost.exe[2204] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 008800E4
.text C:\windows\system32\svchost.exe[2204] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00880030
.text C:\windows\system32\svchost.exe[2204] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 008800A8
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe[2292] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe[2292] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\windows\System32\svchost.exe[2352] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\System32\svchost.exe[2352] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\System32\svchost.exe[2352] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001D0120
.text C:\windows\System32\svchost.exe[2352] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001D006C
.text C:\windows\System32\svchost.exe[2352] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001D00E4
.text C:\windows\System32\svchost.exe[2352] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001D0030
.text C:\windows\System32\svchost.exe[2352] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001D00A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2404] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2444] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00080120
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0008006C
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000800E4
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00080030
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2492] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000800A8
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2516] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00220120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0022006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002200E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00220030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2576] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002200A8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2604] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 002F0120
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 002F006C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002F00E4
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 002F0030
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2632] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002F00A8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00300120
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0030006C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 003000E4
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00300030
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2668] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 003000A8
.text C:\windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\uArcCapture.exe[2748] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\windows\system32\uArcCapture.exe[2748] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\windows\system32\uArcCapture.exe[2748] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\windows\system32\uArcCapture.exe[2748] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\windows\system32\uArcCapture.exe[2748] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\windows\system32\uArcCapture.exe[2748] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\windows\system32\uArcCapture.exe[2748] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2848] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 001F0120
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 001F006C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001F00E4
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 001F0030
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2896] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3000] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\windows\system32\wbem\unsecapp.exe[3252] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\wbem\unsecapp.exe[3252] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\unsecapp.exe[3252] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 000F0120
.text C:\windows\system32\wbem\unsecapp.exe[3252] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 000F006C
.text C:\windows\system32\wbem\unsecapp.exe[3252] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000F00E4
.text C:\windows\system32\wbem\unsecapp.exe[3252] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 000F0030
.text C:\windows\system32\wbem\unsecapp.exe[3252] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000F00A8
.text C:\windows\System32\svchost.exe[3332] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\System32\svchost.exe[3332] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\System32\svchost.exe[3332] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00150120
.text C:\windows\System32\svchost.exe[3332] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0015006C
.text C:\windows\System32\svchost.exe[3332] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001500E4
.text C:\windows\System32\svchost.exe[3332] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00150030
.text C:\windows\System32\svchost.exe[3332] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001500A8
.text C:\windows\system32\svchost.exe[3380] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[3380] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\wbem\wmiprvse.exe[3392] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\wmiprvse.exe[3392] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\windows\system32\wbem\wmiprvse.exe[3392] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\windows\system32\wbem\wmiprvse.exe[3392] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\windows\system32\wbem\wmiprvse.exe[3392] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\windows\system32\wbem\wmiprvse.exe[3392] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\windows\system32\svchost.exe[3508] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\svchost.exe[3508] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\svchost.exe[3508] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00520120
.text C:\windows\system32\svchost.exe[3508] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0052006C
.text C:\windows\system32\svchost.exe[3508] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 005200E4
.text C:\windows\system32\svchost.exe[3508] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00520030
.text C:\windows\system32\svchost.exe[3508] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 005200A8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00200120
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0020006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 002000E4
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00200030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3592] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 002000A8
.text C:\windows\system32\SearchIndexer.exe[3764] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\SearchIndexer.exe[3764] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\SearchIndexer.exe[3764] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\windows\system32\SearchIndexer.exe[3764] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\windows\system32\SearchIndexer.exe[3764] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\windows\system32\SearchIndexer.exe[3764] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\windows\system32\SearchIndexer.exe[3764] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\windows\system32\wbem\wmiprvse.exe[4828] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\windows\system32\wbem\wmiprvse.exe[4828] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\windows\system32\wbem\wmiprvse.exe[4828] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00100120
.text C:\windows\system32\wbem\wmiprvse.exe[4828] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0010006C
.text C:\windows\system32\wbem\wmiprvse.exe[4828] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 001000E4
.text C:\windows\system32\wbem\wmiprvse.exe[4828] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00100030
.text C:\windows\system32\wbem\wmiprvse.exe[4828] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 001000A8
.text C:\windows\servicing\TrustedInstaller.exe[5076] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0005006C
.text C:\windows\servicing\TrustedInstaller.exe[5076] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00050030
.text C:\windows\servicing\TrustedInstaller.exe[5076] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 000F0120
.text C:\windows\servicing\TrustedInstaller.exe[5076] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 000F006C
.text C:\windows\servicing\TrustedInstaller.exe[5076] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000F00E4
.text C:\windows\servicing\TrustedInstaller.exe[5076] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 000F0030
.text C:\windows\servicing\TrustedInstaller.exe[5076] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000F00A8
.text C:\Program Files\Opera\opera.exe[5876] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Opera\opera.exe[5876] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00080120
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0008006C
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000800E4
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00080030
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000800A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:4812] AF8ADF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713a5a6da
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713a5a6da@001d6ea4a2eb 0xCB 0xF0 0x61 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713a5a6da (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713a5a6da@001d6ea4a2eb 0xCB 0xF0 0x61 0xD6 ...

---- Files - GMER 1.0.15 ----

File C:\Users\User\AppData\Local\Opera\Opera\cache\g_0024\opr00G79.tmp 0 bytes
File C:\Users\User\AppData\Local\Opera\Opera\cache\g_0024\opr00G8H.tmp 0 bytes
File C:\Users\User\AppData\Local\Opera\Opera\cache\g_0024\opr00G98.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

If nobody will help me
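
Each `.text` line in the GMER output above records a 5-byte inline JMP written at the start of an exported function and the address it lands on. The Python below is an added example for reading those lines; it is not part of the thread and not GMER's own code. It parses the hook lines, groups them per process, reports which 64 KiB allocation regions the JMP targets fall into (trampolines written by one hooking engine tend to share a region per process) and lists the exports hooked in every process. The eight sample lines are the hook lines from the log above; the 0x00400000 ceiling used to call a target "private memory" is an assumption. The code does not decide which product wrote the hooks: the GMER log names no owner for them, and attribution takes a debugger, not a parser.

```python
import re
from collections import defaultdict

# Shape of a GMER user-mode inline-hook line:
#   .text <image path>[<pid>] <module>!<export> <patched address> <n> Bytes JMP <target>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)

# The eight '.text' lines from the GMER output above, used as sample input.
SAMPLE_LOG = r"""
.text C:\windows\servicing\TrustedInstaller.exe[5076] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000F00A8
.text C:\Program Files\Opera\opera.exe[5876] ntdll.dll!LdrUnloadDll 7733BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Opera\opera.exe[5876] ntdll.dll!LdrLoadDll 7733F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!UnhookWindowsHookEx 765BCC7B 5 Bytes JMP 00080120
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!UnhookWinEvent 765BD924 5 Bytes JMP 0008006C
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!SetWindowsHookExW 765C210A 5 Bytes JMP 000800E4
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!SetWinEventHook 765C507E 5 Bytes JMP 00080030
.text C:\Program Files\Opera\opera.exe[5876] USER32.dll!SetWindowsHookExA 765E6DFA 5 Bytes JMP 000800A8
"""

ALLOC_GRANULARITY = 0x10000      # 64 KiB VirtualAlloc base granularity on 32-bit Windows
LOW_MEMORY_CEILING = 0x00400000  # assumption: below the usual EXE image base, so not a loaded image


def parse_hooks(text):
    """Parse every '.text ... JMP ...' line; lines from other GMER sections are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        hooks.append(h)
    return hooks


def region_base(address):
    """Base of the 64 KiB allocation region an address falls in."""
    return address & ~(ALLOC_GRANULARITY - 1)


def summarize_by_process(hooks):
    """For each (image, pid): the hooked exports and the distinct regions holding the JMP targets."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[(h["image"], h["pid"])].append(h)
    return {
        key: {
            "exports": sorted(f'{h["module"]}!{h["export"]}' for h in hs),
            "regions": sorted({region_base(h["target"]) for h in hs}),
        }
        for key, hs in grouped.items()
    }


def exports_hooked_everywhere(summary):
    """Exports hooked in every listed process: a system-wide set points at a global hooking
    engine (AV self-defence, HIPS) rather than an injection aimed at one process."""
    sets = [set(v["exports"]) for v in summary.values()]
    return sorted(set.intersection(*sets)) if sets else []


def targets_in_private_memory(hooks, ceiling=LOW_MEMORY_CEILING):
    """Hooks whose JMP target sits below `ceiling`, i.e. in private memory rather than in a
    loaded DLL. Each one is a spot to dump and inspect; the log alone cannot attribute it."""
    return [(h["image"], h["pid"], f'{h["module"]}!{h["export"]}', h["target"])
            for h in hooks if h["target"] < ceiling]


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    summary = summarize_by_process(hooks)
    for (image, pid), info in summary.items():
        print(f"{image} [{pid}]")
        print("  target regions:", ", ".join(f"0x{r:08X}" for r in info["regions"]))
        print("  hooked exports:", ", ".join(info["exports"]))
    print("hooked in every process:", exports_hooked_everywhere(summary))
    print("targets in private memory:", len(targets_in_private_memory(hooks)))
```

Run against the sample, the Opera hooks resolve to two regions (0x00060000 for the ntdll loader hooks, 0x00080000 for the USER32 hook-installation APIs) and TrustedInstaller's to one (0x000F0000); that pattern, the same API set patched in unrelated processes with one trampoline block per process, is what a practitioner checks before spending debugger time on it.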

#3 imusewindows (Topic Starter)

Posted 25 February 2011 - 12:06 PM

Why will no one help me?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 25 February 2011 - 09:05 PM.


#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 February 2011 - 12:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


information and logs:

  • In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
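
Once the RKUnhooker report is pasted, the first thing a helper does with its SSDT State and Shadow sections is work out which module owns each hooked service. The Python below is an added example of that triage step; it is not part of the thread and not RKUnhooker's own code. It parses the report's hook lines into their section, hooked function, original and current addresses and bracketed owner, counts hooks per owning driver, lists the functions a given driver hooks, and separates out entries whose owner is not a file path. The sample report is constructed in the report's layout: the aswSnx.SYS/aswSP.SYS entries mirror the kind of lines that appear on this page, while the NtEnumerateKey line and its `[unknown_code_page]` owner are made up to exercise the unattributed branch (that placeholder is assumed to be how the tool marks a target it cannot map to a module).

```python
import re
from collections import Counter

# Shape of one hook line in an RkUnhooker report (SSDT State and Shadow sections):
#   <table image>-->NtXxx, Type: Address change 0x<original>--><current> [<owner module path>]
ENTRY_RE = re.compile(
    r"^(?P<table>[^\s>]+)-->(?P<function>\w+),\s+Type:\s+(?P<type>.+?)\s+"
    r"0x(?P<original>[0-9A-Fa-f]+)-->(?P<current>[0-9A-Fa-f]+)\s+\[(?P<owner>[^\]]+)\]\s*$"
)
# Section headers in the report look like '>SSDT State', '>Shadow', '>Processes'.
SECTION_RE = re.compile(r"^>(?P<name>.+?)\s*$")

# Constructed sample in the report's layout. The aswSnx/aswSP lines follow the entries shown
# on this page; the NtEnumerateKey line with '[unknown_code_page]' is made up to show an
# entry whose owner the tool could not map to a file (placeholder name assumed).
SAMPLE_REPORT = r"""
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x8309F2EB-->90C3EA68 [C:\windows\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x830841B3-->8B9A5F54 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x82FF428F-->8B9A37B8 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x8304AD1F-->8ADF2E00 [unknown_code_page]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x825985E7-->8B9A4804 [C:\windows\System32\Drivers\aswSnx.SYS]
"""


def parse_report(text):
    """Return one dict per hook line, tagged with the section it was found in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["section"] = section
        e["original"] = int(e["original"], 16)
        e["current"] = int(e["current"], 16)
        # Owner is a path when the tool mapped the target into a module; keep the file name.
        e["owner_file"] = e["owner"].rsplit("\\", 1)[-1].lower()
        e["attributed"] = "\\" in e["owner"]
        entries.append(e)
    return entries


def hooks_by_owner(entries):
    """How many SSDT/Shadow entries each owner file accounts for."""
    return dict(Counter(e["owner_file"] for e in entries))


def functions_hooked_by(entries, owner_file):
    """Sorted service names redirected into one driver (case-insensitive file name)."""
    return sorted(e["function"] for e in entries if e["owner_file"] == owner_file.lower())


def unattributed_hooks(entries):
    """Entries whose owner is not a file path: the ones to investigate first, since an
    installed security product's hooks resolve to its driver, and these do not."""
    return [(e["section"], e["function"], e["current"]) for e in entries if not e["attributed"]]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for owner, count in sorted(hooks_by_owner(report).items()):
        print(f"{owner:20s} {count:3d}  {', '.join(functions_hooked_by(report, owner))}")
    for section, func, addr in unattributed_hooks(report):
        print(f"unattributed: {section}: {func} -> 0x{addr:08X}")
```

The owner file name is what gets cross-checked against the SERVICES / DRIVERS section of the DDS log: a hook owned by a driver that DDS also lists as a running, identifiable product is accounted for, while a hook with no file owner, or one owned by a driver absent from DDS, is the entry worth the helper's attention.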

#5 imusewindows (Topic Starter)

Posted 28 February 2011 - 09:02 AM

DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 14:52:38,85 on 2011-02-28
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2934.1935 [GMT 1:00]

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Users\User\Desktop\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pl/
uDefault_Page_URL = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-23 301528]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-2 214024]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\AEstSrv.exe [2010-3-7 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-23 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-23 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-23 42184]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-8-23 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-1-7 81920]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-1-5 264248]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-6-15 26168]
R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2010-3-7 506472]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-7 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2010-3-7 29824]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-30 209920]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2010-3-7 73344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-9-14 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-7 29472]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-2-2 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-2-2 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-2-2 34248]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-10-3 6114816]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-2 181792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-2 249888]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-26 1343400]

=============== Created Last 30 ================

2011-02-27 10:26:15 -------- d-----w- c:\users\user\appdata\local\Last.fm
2011-02-26 17:37:29 -------- d-----w- c:\program files\PlayReady
2011-02-26 17:21:14 -------- d-----w- c:\users\user\appdata\roaming\RDRM
2011-02-26 17:21:13 -------- d-----w- c:\users\user\appdata\roaming\ipla
2011-02-26 17:21:13 -------- d-----w- c:\progra~2\ipla
2011-02-26 17:20:57 -------- d-----w- c:\program files\ipla
2011-02-26 17:20:47 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-02-25 13:39:19 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c2d6db0f-7c86-4b53-95dd-0cf08e0e9619}\mpengine.dll
2011-02-23 17:23:34 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:19:22 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 11:38:40 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 11:38:40 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 17:03:51 -------- d-----w- c:\users\user\appdata\local\Adobe
2011-02-21 09:57:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 16:19:51 -------- d-----w- c:\users\user\DoctorWeb
2011-02-15 18:47:06 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-10 14:50:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 14:50:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 08:23:02 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 08:23:01 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 08:23:01 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-02 11:11:17 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-02 11:11:16 -------- d-----w- c:\program files\ffdshow
2011-02-01 18:34:11 -------- d-----w- c:\users\user\AbiSuite
2011-01-31 19:04:02 -------- d-----w- c:\progra~2\eMule
2011-01-31 19:03:47 -------- d-----w- c:\users\user\appdata\local\eMule
2011-01-31 19:03:46 -------- d-----w- c:\program files\eMule
2011-01-31 11:28:28 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-01-31 11:28:23 -------- d-----w- c:\progra~2\Malwarebytes

==================== Find3M ====================

2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-11 14:40:16 98304 ----a-w- c:\users\user\pkcs11wrapper.dll

============= FINISH: 14:53:18,23 ===============

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAddBootEntry, Type: Address change 0x83156BC4-->8B9A39CA [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x8309F2EB-->90C3EA68 [C:\windows\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtCreateEvent, Type: Address change 0x830B4AB9-->8B9A5EAC [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateEventPair, Type: Address change 0x8315C8C4-->8B9A5F04 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateIoCompletion, Type: Address change 0x830B7675-->8B9A601A [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x830D20F5-->8B9A5E02 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x830841B3-->8B9A5F54 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateSemaphore, Type: Address change 0x830D44E9-->8B9A5E56 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateTimer, Type: Address change 0x8304D4A7-->8B9A5FC8 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtDeleteBootEntry, Type: Address change 0x83156BF7-->8B9A39EE [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtFreeVirtualMemory, Type: Address change 0x82F06921-->90C3EB18 [C:\windows\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x82FF428F-->8B9A37B8 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtModifyBootEntry, Type: Address change 0x83156DC8-->8B9A3A12 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x8304D047-->8B9A6412 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x8304C3F1-->8B9A44AA [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenEvent, Type: Address change 0x830D4A47-->8B9A5EDC [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenEventPair, Type: Address change 0x8315C9C5-->8B9A5F2C [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenIoCompletion, Type: Address change 0x8310C811-->8B9A6044 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenMutant, Type: Address change 0x8306FA53-->8B9A5E2E [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x830D269A-->8B9A5F94 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenSemaphore, Type: Address change 0x830373E3-->8B9A5E84 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenTimer, Type: Address change 0x8315C66B-->8B9A5FF2 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x830D3121-->90C3EBB0 [C:\windows\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtQueryObject, Type: Address change 0x83060023-->8B9A4370 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetBootEntryOrder, Type: Address change 0x831574DB-->8B9A3A36 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetBootOptions, Type: Address change 0x831579C7-->8B9A3A5A [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x830DE2D5-->8B9A3812 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetSystemPowerState, Type: Address change 0x83174355-->8B9A394E [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x83154DF9-->8B9A392A [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x8305C66E-->8B9A3972 [C:\windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtVdmControl, Type: Address change 0x8314A237-->8B9A3A7E [C:\windows\System32\Drivers\aswSnx.SYS]
==============================================
>Shadow
==============================================
win32k.sys-->NtGdiAlphaBlend, Type: Address change 0x825C4860-->8B9A4A88 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiBitBlt, Type: Address change 0x825D504F-->8B9A4A2E [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiDeleteObjectApp, Type: Address change 0x825BFBCD-->8B9A64CA [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiGetPixel, Type: Address change 0x82575AB4-->8B9A4A1C [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiMaskBlt, Type: Address change 0x82561592-->8B9A4A52 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiOpenDCW, Type: Address change 0x825B41DC-->8B9A6488 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiPlgBlt, Type: Address change 0x82607DCA-->8B9A4A64 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiStretchBlt, Type: Address change 0x8265CD49-->8B9A4A40 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtGdiTransparentBlt, Type: Address change 0x8262B760-->8B9A4A76 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserBlockInput, Type: Address change 0x826560AF-->8B9A4960 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserCallHwndParamLock, Type: Address change 0x82574DAF-->8B9A48B0 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserDestroyWindow, Type: Address change 0x82597900-->8B9A4908 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserSendInput, Type: Address change 0x8265A0CC-->8B9A4990 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserSetClipboardViewer, Type: Address change 0x8261B71C-->8B9A49F2 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserSetSysColors, Type: Address change 0x82665A05-->8B9A4884 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x825985E7-->8B9A4804 [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0x825B6591-->8B9A473E [C:\windows\System32\Drivers\aswSnx.SYS]
win32k.sys-->NtUserSystemParametersInfo, Type: Address change 0x825D7A8A-->8B9A4816 [C:\windows\System32\Drivers\aswSnx.SYS]
==============================================
>Processes
==============================================
0x873D26C8 [360] C:\Windows\System32\smss.exe (Microsoft Corporation, Menedżer sesji systemu Windows)
0x879C63D0 [476] C:\Windows\System32\csrss.exe (Microsoft Corporation, Proces wykonawczy klienta/serwera)
0x8590C8E8 [488] C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation, User Notification Service)
0x879EC7E0 [528] C:\Windows\System32\wininit.exe (Microsoft Corporation, Aplikacja uruchamiania systemu Windows)
0x879F53F8 [536] C:\Windows\System32\csrss.exe (Microsoft Corporation, Proces wykonawczy klienta/serwera)
0x87B88D40 [584] C:\Windows\System32\services.exe (Microsoft Corporation, Usługi i aplikacja Kontroler)
0x87B924E8 [600] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x87B92D40 [608] C:\Windows\System32\lsm.exe (Microsoft Corporation, Usługa Menedżer sesji lokalnej)
0x87BEC3A8 [720] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x8862D030 [804] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x86411370 [820] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x87CBC030 [884] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x888733C0 [920] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x888AD030 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x888B5030 [992] C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\stacsv.exe (IDT, Inc., IDT PC Audio TPE)
0x888CBD40 [1108] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Aplikacja logowania systemu Windows)
0x888E57B8 [1204] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x8890D030 [1252] C:\Windows\System32\hpservice.exe (Hewlett-Packard Company, HpService)
0x8893AD40 [1328] C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc., Validity Sensors Fingerprint Service)
0x8895B570 [1392] C:\Windows\System32\svchost.exe (Microsoft Corporation, Proces hosta dla usług systemu Windows)
0x8897A558 [1472] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0x889D2BE8 [1676] C:\Windows\System32\dwm.exe (Microsoft Corporation, Menedżer okien pulpitu)
0x87930568 [1700] C:\Windows\explorer.exe (Microsoft Corporation, Eksplorator Windows)
0x87937B18 [1800] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation, Event Monitor User Notification Tool)
0x8791C2B0 [1812] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
0x884DA2F0 [1828] C:\Windows\System32\igfxtray.exe (Intel Corporation, igfxTray Module)
0x88596370 [1836] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x885B3D40 [1848] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
0x885C04A0 [1868] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc., IDT PC Audio TPE)
0x885CA9A8 [1888] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
0x8796E6C0 [1936] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x885CF950 [1956] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company, HP Power Assistant)
0x8791A830 [2004] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
0x8589C8A0 [2104] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company, HP Support Assistant)
0x8950BD40 [2260] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892A1B18 [2284] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x88870030 [2292] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x893DCB18 [2312] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x894A1030 [2468] C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\AEstSrv.exe (Andrea Electronics Corporation, Andrea filters APO access service (32-bit))
0x899CE6B8 [2476] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard, HP Wireless Assistant)
0x894274E8 [2496] C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation., Bluetooth Support Server)
0x892AF4A0 [2528] C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company, HP DayStarter service)
0x8958F608 [2584] C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company, HP Quick Synchronization Service)
0x895EF5E8 [2612] C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company, hpHotkeyMonitor Service)
0x895D78F0 [2676] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company, LightScribe Service)
0x89608A10 [2708] C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation, Local Manageability Service)
0x895FEA00 [2740] C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x892BCD40 [2804] C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc., PsiService PsiService)
0x8941E328 [2812] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892D73C0 [2844] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x892E6610 [2892] C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc., ArcVCapture)
0x8939FD40 [2960] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp., Microsoft® Windows Live ID Service)
0x893BA030 [2984] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation, RAID Monitor)
0x89774BC0 [3036] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft® Windows Live ID Service Monitor)
0x8940D8F0 [3120] C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation, Sink to receive asynchronous callbacks for WMI client application)
0x8782D878 [3300] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x858D84A8 [3536] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company, HPPA_Service)
0x87939B18 [3548] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x885F8A48 [3580] C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company, hpqwmiex Module)
0x899258F0 [3636] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x8928EAE0 [3852] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x859127E0 [4052] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard, HPPA_Service)
0x859947C0 [4132] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation, PresentationFontCache.exe)
0x8915BB38 [4212] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x857A8A60 [4372] C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P., hpCaslNotification)
0x8846F188 [4740] C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation, Windows Modules Installer)
0x8895DC20 [6044] C:\Users\User\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x8565CD40 [4] System
0x888C94A0 [1068] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation)
==============================================
>Drivers
==============================================
0x91A38000 C:\windows\system32\DRIVERS\igdkmd32.sys 6787072 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82E53000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E53000 PnpManager 4259840 bytes
0x82E53000 RAW 4259840 bytes
0x82E53000 WMIxWDM 4259840 bytes
0x82510000 Win32k 2404352 bytes
0x82510000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B633000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x92831000 C:\windows\system32\DRIVERS\SynTP.sys 1298432 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8B40B000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9262C000 C:\windows\system32\DRIVERS\athr.sys 1232896 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x93C9B000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8B221000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x920B1000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B349000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8AF01000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x940D9000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B8D2000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, Stos protokołu HTTP)
0x8AE2E000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B00B000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90D73000 C:\windows\system32\DRIVERS\stwrt.sys 442368 bytes (IDT, Inc., IDT PC Audio TPE)
0x8B991000 C:\windows\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0x8B578000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8FE63000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAF803000 C:\windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x941A8000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82400000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x90CB0000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B14C000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B08A000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90C35000 C:\windows\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0x8B87A000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x90D2F000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8AEBF000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FF2A000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B7AD000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B1AD000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9406B000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x93C1A000 C:\windows\system32\DRIVERS\IntcDAud.sys 237568 bytes (Intel® Corporation, Intel® Display HD Audio driver)
0x92192000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x93DC3000 C:\windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x82E1C000 ACPI_HAL 225280 bytes
0x82E1C000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B304000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90CFB000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8FF7F000 C:\windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0x8B812000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FE31000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B77C000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x92763000 C:\windows\system32\DRIVERS\RMCAST.sys 200704 bytes (Microsoft Corporation, Reliable Multicast Transport)
0x90C00000 C:\windows\system32\DRIVERS\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B600000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8B53A000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x92168000 C:\windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B0E3000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B855000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8AFAC000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x94048000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x927D0000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9417A000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90C7D000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B200000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8B972000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91A00000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x92985000 C:\windows\system32\DRIVERS\Impcd.sys 126976 bytes (Intel Corporation, Intel® Turbo Boost Technology Driver)
0x8FEC9000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x827A0000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x93DA8000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x940A6000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x93C00000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B957000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90DDF000 C:\windows\system32\DRIVERS\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8FFBE000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x927A2000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x92800000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92600000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91A1F000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x921E5000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8AE00000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x93D91000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B197000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x93C5F000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B565000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8FE10000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FF07000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x929DD000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90C9E000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x94036000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B8C0000 C:\windows\system32\DRIVERS\rtsuvc.sys 73728 bytes (Realtek Semiconductor Corp., Realtek UVC Driver for XP/Vista/Win7)
0x8B844000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x93D75000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B338000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x92618000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B118000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8AEA6000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8FEE8000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8FFE4000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B5EC000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8FE00000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0x8FF1A000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B13C000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x921D6000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FFD6000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8FEF9000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8AFE4000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B5D5000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x929CF000 C:\windows\system32\DRIVERS\STREAM.SYS 57344 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x929EF000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B07C000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x929BC000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x93C8E000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x927C3000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x92970000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9419B000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B1EB000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8FFB2000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8AE22000 C:\windows\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x8B800000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x929A4000 C:\windows\system32\DRIVERS\Accelerometer.sys 45056 bytes (Hewlett-Packard Company, HP Accelerometer)
0x8B131000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x921CB000 C:\windows\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0x93C54000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x93D86000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x93C79000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8AFD9000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92818000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8AE17000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B10D000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8AFF2000 C:\windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x93C84000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FF75000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8FF6B000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x94170000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x92759000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8B2FB000 C:\windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8B5E3000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8B400000 C:\windows\system32\DRIVERS\hpdskflt.sys 36864 bytes (Hewlett-Packard Company, HP Disk Filter - SATA/RAID)
0x927BA000 C:\windows\system32\DRIVERS\HpqKbFiltr.sys 36864 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0xAF8CE000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82770000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x92825000 C:\windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x929B3000 C:\windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8B0D2000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x9297D000 C:\windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x8AEB7000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B129000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B7F4000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B9C000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B0DB000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8B1F8000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B000000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8AFD1000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B7EC000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8B9F6000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x93C72000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xAF8BE000 C:\Users\User\AppData\Local\Temp\mbr.sys 28672 bytes
0x8B9EF000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8FEC2000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x929C9000 C:\windows\system32\DRIVERS\ArcSoftVCapture.sys 24576 bytes (ArcSoft, Inc., ArcSoft Magic-i Driver)
0x8FEBD000 C:\windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x929AF000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x93DFB000 C:\windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x92823000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9296E000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xAF87EF2E Unknown thread object [ ETHREAD 0x858C1840 ] , 600 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006F900, Type: Inline - RelativeCall 0x82EC2900-->9A5F048B [unknown_code_page]
ntkrnlpa.exe+0x0006F950, Type: Inline - RelativeCall 0x82EC2950-->9A5E568B [unknown_code_page]
ntkrnlpa.exe+0x0006FA0C, Type: Inline - PushRet 0x82EC2A0C-->F24ABC90 [unknown_code_page]
ntkrnlpa.exe+0x0006FAB0, Type: Inline - RelativeCall 0x82EC2AB0-->FF19C78B [unknown_code_page]
ntkrnlpa.exe+0x0006FAC4, Type: Inline - RelativeCall 0x82EC2AC4-->9A5F2C8B [unknown_code_page]
ntkrnlpa.exe+0x0006FB08, Type: Inline - RelativeCall 0x82EC2B08-->9A5E848B [unknown_code_page]
ntkrnlpa.exe+0x0006FBE0, Type: Inline - RelativeJump 0x82EC2BE0-->82EC2C29 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FD78, Type: Inline - RelativeCall 0x82EC2D78-->9A394E8B [unknown_code_page]
ntkrnlpa.exe+0x0006FDC0, Type: Inline - RelativeJump 0x82EC2DC0-->82EC2DFF [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FE08, Type: Inline - RelativeJump 0x82EC2E08-->82EC2E48 [ntkrnlpa.exe]
ntkrnlpa.exe+0x00223003, Type: Inline - RelativeJump 0x83076003-->90C50D50 [aswSP.SYS]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8312E2F4-->90C538E2 [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8305C2CB-->90C4F29E [aswSP.SYS]
[1108]winlogon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1108]winlogon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1108]winlogon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1108]winlogon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1108]winlogon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1108]winlogon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1108]winlogon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1204]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1204]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1252]hpservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1252]hpservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1252]hpservice.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1252]hpservice.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1252]hpservice.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1252]hpservice.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1252]hpservice.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1328]vcsFPService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1392]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1392]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1472]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x75BA3162-->00000000 [unknown_code_page]
[1676]dwm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1676]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1676]dwm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1676]dwm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1676]dwm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1676]dwm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1676]dwm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1700]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1700]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1700]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1700]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1700]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1700]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1700]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1800]IAAnotif.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1812]SynTPEnh.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1828]igfxtray.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1836]hkcmd.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1848]igfxpers.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1868]sttray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1868]sttray.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1868]sttray.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1868]sttray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1868]sttray.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1868]sttray.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1868]sttray.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[1936]igfxsrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2004]SynTPHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2260]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2260]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2292]WmiPrvSE.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2312]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2312]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2312]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2312]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2312]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2312]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2312]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2468]AEstSrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2468]AEstSrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2496]btwdins.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2496]btwdins.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2496]btwdins.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2496]btwdins.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2496]btwdins.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2496]btwdins.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2496]btwdins.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2528]HPDayStarterService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2584]HPDrvMntSvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2612]hpHotkeyMonitor.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2676]LSSrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2708]LMS.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2708]LMS.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2708]LMS.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2708]LMS.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2708]LMS.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2708]LMS.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2708]LMS.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2740]MDM.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2740]MDM.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2740]MDM.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2740]MDM.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2740]MDM.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2740]MDM.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2740]MDM.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2804]PsiService_2.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2812]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2812]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2812]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2812]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2812]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2812]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2812]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2844]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2844]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2892]uArcCapture.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2960]WLIDSVC.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[2984]IAANTmon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3036]WLIDSVCM.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3120]unsecapp.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3300]WmiPrvSE.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3548]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3548]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3548]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3548]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3548]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3548]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3548]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3580]hpqWmiEx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3636]SearchIndexer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[3852]wmpnetwk.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[488]UNS.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[488]UNS.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[488]UNS.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[488]UNS.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[488]UNS.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[488]UNS.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[488]UNS.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[528]wininit.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[528]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[528]wininit.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[528]wininit.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[528]wininit.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[528]wininit.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[528]wininit.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[584]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[584]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[600]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[600]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[608]lsm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[608]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[720]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[720]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[804]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[804]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[804]jusched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[804]jusched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[804]jusched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[804]jusched.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[804]jusched.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[820]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[820]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[884]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[884]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[884]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[884]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[884]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[884]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[884]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[920]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[920]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[920]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[920]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[920]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[920]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[920]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[956]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[956]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]
[992]stacsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[992]stacsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x76E6BEAF-->00000000 [unknown_code_page]
[992]stacsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[992]stacsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x75CE210A-->00000000 [unknown_code_page]
[992]stacsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x75CE507E-->00000000 [unknown_code_page]
[992]stacsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x75CDCC7B-->00000000 [unknown_code_page]
[992]stacsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x75CDD924-->00000000 [unknown_code_page]

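As an added example (not code from the original thread and not from the scanner that produced the log), here is a small Python triage helper for inline-hook lines in the format shown above. It parses each `[pid]process-->module-->function, Type: ... 0xADDR-->TARGET [owner]` entry and groups the entries per hooked API, so the pattern in the log above becomes visible at a glance: the same ntdll and user32 hooks sit at the same patch address in every process, which points to one hooking component rather than a per-process infection. The first lines of the sample log are copied from the log above; the pid-4242 `example.exe` lines and the trailing non-hook line are constructed so that all three verdicts appear.

```python
"""Triage helper for the inline-hook log format shown above.

Added example, not part of the original thread or of any scanner's own code.
Each entry has the shape
  [pid]process-->module-->function, Type: KIND 0xADDR-->TARGET [owner]
The helper parses those entries and groups them per hooked API so an analyst
can tell a hook that is present identically in every process (one system-wide
hooking component) from a hook confined to a single process.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<process>.+?)-->(?P<module>.+?)-->(?P<func>[^,]+),"
    r" Type: (?P<kind>.+?) (?P<addr>0x[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+)"
    r" \[(?P<owner>[^\]]+)\]$"
)


@dataclass(frozen=True)
class Hook:
    pid: int
    process: str
    module: str
    func: str
    kind: str
    addr: int      # address of the patched instruction inside the hooked module
    target: int    # where the jump leads (0 when the scanner prints 00000000)
    owner: str     # module the scanner attributed the target to, if any


def parse_hook_line(line):
    """Return a Hook for one log line, or None if the line is not a hook entry."""
    m = HOOK_RE.match(line.strip())
    if m is None:
        return None
    return Hook(int(m["pid"]), m["process"], m["module"], m["func"], m["kind"],
                int(m["addr"], 16), int(m["target"], 16), m["owner"])


def parse_log(text):
    """Parse a whole log; lines that are not hook entries are skipped."""
    return [h for h in map(parse_hook_line, text.splitlines()) if h is not None]


def summarize(hooks):
    """Per hooked API: which pids carry it and which addresses/targets/owners were seen."""
    by_api = defaultdict(lambda: {"pids": set(), "addrs": set(), "targets": set(), "owners": set()})
    for h in hooks:
        info = by_api[(h.module, h.func)]
        info["pids"].add(h.pid)
        info["addrs"].add(h.addr)
        info["targets"].add(h.target)
        info["owners"].add(h.owner)
    return dict(by_api)


def classify(hooks):
    """Label each hooked API.

    system-wide: same patch address and same jump target in every scanned
                 process, i.e. one component hooked everything. Security
                 products' self-protection does this, and so does a rootkit;
                 the analyst still has to attribute the component.
    isolated:    present in exactly one process, so that process is the lead.
    partial:     anything in between.
    """
    total = len({h.pid for h in hooks})
    verdict = {}
    for api, info in summarize(hooks).items():
        uniform = len(info["addrs"]) == 1 and len(info["targets"]) == 1
        if len(info["pids"]) == 1:
            verdict[api] = "isolated"
        elif uniform and len(info["pids"]) == total:
            verdict[api] = "system-wide"
        else:
            verdict[api] = "partial"
    return verdict


def unattributed_apis(hooks):
    """APIs whose jump destination the scanner reported only as unknown_code_page,
    i.e. it did not map the destination to a loaded module."""
    return sorted(api for api, info in summarize(hooks).items()
                  if info["owners"] == {"unknown_code_page"})


# Sample input (constructed for this example): the first five entries are copied
# from the log above; the pid-4242 example.exe entries and the last line are made up.
SAMPLE_LOG = """\
[1700]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[1700]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[2284]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x75D06DFA-->00000000 [unknown_code_page]
[600]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[4242]example.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x76E6F5B5-->00000000 [unknown_code_page]
[4242]example.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7501AB10-->10002F40 [unknown_code_page]
(constructed non-hook line; the parser must skip it)
"""

if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for api, label in sorted(classify(hooks).items()):
        print(f"{api[0]}!{api[1]}: {label}")
```

Running the block prints one verdict per API. A `system-wide` verdict means the next step is attribution of the hooking component, not cleanup: security products often hook loader and hook-installation APIs such as LdrLoadDll and SetWindowsHookEx in every process, and rootkit-class malware does the same, so the verdict alone does not say which it is. An `isolated` verdict points at the one process worth examining first.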

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2011 - 09:19 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 imusewindows

imusewindows
  • Topic Starter

  • Members
  • 21 posts

Posted 02 March 2011 - 06:08 AM

ComboFix 11-03-01.03 - User 2011-03-02 11:57:07.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.2934.1986 [GMT 1:00]
Uruchomiony z: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Pliki utworzone od 2011-02-02 do 2011-03-02 )))))))))))))))))))))))))))))))
.

2011-03-02 11:02 . 2011-03-02 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 13:39 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4582E74E-9C1F-45AE-B654-0053B2C643B0}\mpengine.dll
2011-02-28 19:27 . 2011-02-28 19:27 -------- d--h--w- c:\windows\PIF
2011-02-28 15:14 . 2011-02-28 15:14 -------- d-----w- C:\rsit
2011-02-28 15:09 . 2011-02-28 15:14 -------- d-----w- c:\program files\trend micro
2011-02-27 10:26 . 2011-02-27 11:01 -------- d-----w- c:\users\User\AppData\Local\Last.fm
2011-02-26 17:37 . 2011-02-26 17:37 -------- d-----w- c:\program files\PlayReady
2011-02-26 17:21 . 2011-02-26 17:21 -------- d-----w- c:\users\User\AppData\Roaming\RDRM
2011-02-26 17:21 . 2011-02-26 17:38 -------- d-----w- c:\users\User\AppData\Roaming\ipla
2011-02-26 17:21 . 2011-02-26 17:37 -------- d-----w- c:\programdata\ipla
2011-02-26 17:20 . 2011-02-26 17:21 -------- d-----w- c:\program files\ipla
2011-02-26 17:20 . 2011-02-26 17:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-02-23 17:23 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:19 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 11:38 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 11:38 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 17:03 . 2011-02-21 17:03 -------- d-----w- c:\users\User\AppData\Local\Adobe
2011-02-21 15:23 . 2011-02-21 15:23 -------- d-----w- c:\program files\Common Files\Java
2011-02-21 09:57 . 2011-02-21 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 16:19 . 2011-02-18 16:19 -------- d-----w- c:\users\User\DoctorWeb
2011-02-15 18:47 . 2011-03-02 10:50 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-10 14:50 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 14:50 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 08:23 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 08:23 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 08:23 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-02 11:11 . 2010-12-21 22:41 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-02 11:11 . 2011-02-02 11:11 -------- d-----w- c:\program files\ffdshow
2011-02-02 10:16 . 2011-02-02 10:16 -------- d-----w- c:\program files\Common Files\Skype
2011-02-01 18:34 . 2011-02-01 18:38 -------- d-----w- c:\users\User\AbiSuite
2011-01-31 19:04 . 2011-01-31 19:04 -------- d-----w- c:\programdata\eMule
2011-01-31 19:03 . 2011-01-31 19:03 -------- d-----w- c:\users\User\AppData\Local\eMule
2011-01-31 19:03 . 2011-01-31 19:03 -------- d-----w- c:\program files\eMule
2011-01-31 11:28 . 2011-01-31 11:28 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-01-31 11:28 . 2011-01-31 11:28 -------- d-----w- c:\programdata\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-07-23 14:15 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-07-23 14:15 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-07-23 14:15 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-07-23 14:15 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-07-23 14:15 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-07-23 14:15 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-07-23 14:15 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-06-07 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-05-27 13:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-11 14:40 . 2010-12-11 14:40 98304 ----a-w- c:\users\User\pkcs11wrapper.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-17 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-17 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-12-03 495711]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-08-23 1691192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-09-14 8192]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-10-03 6114816]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-20 249888]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9fc8b38ddee9fbba\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-01-07 81920]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-05 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:37 73344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2011-02-22 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.bing.com
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-03-02 12:03:53
ComboFix-quarantined-files.txt 2011-03-02 11:03

Przed: 262 326 697 984 bajtów wolnych
Po: 262 005 415 936 bajtów wolnych

- - End Of File - - 5793C5F60B97766DA4D92338B20E7BA1

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2011 - 11:36 AM

Hello

How is the computer doing at this time?

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 imusewindows

imusewindows
  • Topic Starter

  • Members
  • 21 posts

Posted 02 March 2011 - 12:56 PM

Virus not found.
Still the same.

Attached Files


Edited by imusewindows, 02 March 2011 - 01:08 PM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2011 - 01:10 PM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose Save as type - All Files and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#11 imusewindows

imusewindows
  • Topic Starter

  • Members
  • 21 posts

Posted 03 March 2011 - 07:56 AM

Konfiguracja IP systemu Windows

Nazwa hosta . . . . . . . . . . . : User-HP
Sufiks podstawowej domeny DNS . . :
Typ węzła . . . . . . . . . . . . : Hybrydowy
Routing IP włączony . . . . . . . : Nie
Serwer WINS Proxy włączony. . . . : Nie

Karta bezprzewodowej sieci LAN Połączenie sieci bezprzewodowej 2:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Adres fizyczny. . . . . . . . . . : 76-1A-04-F9-BC-59
DHCP włączone . . . . . . . . . . : Tak
Autokonfiguracja włączona . . . . : Tak

Karta Ethernet Połączenie sieciowe Bluetooth:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Adres fizyczny. . . . . . . . . . : 00-27-13-A5-A6-DA
DHCP włączone . . . . . . . . . . : Tak
Autokonfiguracja włączona . . . . : Tak

Karta bezprzewodowej sieci LAN Połączenie sieci bezprzewodowej:

Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Adres fizyczny. . . . . . . . . . : 70-1A-04-F9-BC-59
DHCP włączone . . . . . . . . . . : Tak
Autokonfiguracja włączona . . . . : Tak
Adres IPv4. . . . . . . . . . . . . : 192.168.1.2(Preferowane)
Maska podsieci. . . . . . . . . . : 255.255.255.0
Dzierżawa uzyskana. . . . . . . . : 3 marca 2011 13:48:39
Dzierżawa wygasa. . . . . . . . . : 6 marca 2011 13:48:43
Brama domyślna. . . . . . . . . . : 192.168.1.1
Serwer DHCP . . . . . . . . . . . : 192.168.1.1
Serwery DNS . . . . . . . . . . . : 173.193.227.124
173.192.105.217
NetBIOS przez Tcpip . . . . . . . : Włączony

Karta tunelowa Połączenie lokalne* 9:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Microsoft 6to4 Adapter
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{1EE82BE7-6568-4653-9C49-3499D8E9480E}:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak

Karta tunelowa Teredo Tunneling Pseudo-Interface:

Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak
Adres IPv6. . . . . . . . . . . . : 2001:0:4137:9e76:c2:3e85:3f57:fefd(Preferowane)
Adres IPv6 połączenia lokalnego . : fe80::c2:3e85:3f57:fefd%21(Preferowane)
Brama domyślna. . . . . . . . . . : ::
NetBIOS przez Tcpip . . . . . . . : Wyłączony
Serwer: 173.193.227.124-static.reverse.softlayer.com
Address: 173.193.227.124

Nazwa: google.com
Addresses: 209.85.147.99
209.85.147.103
209.85.147.104
209.85.147.105
209.85.147.106
209.85.147.147

Serwer: 173.193.227.124-static.reverse.softlayer.com
Address: 173.193.227.124

Nazwa: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Badanie google.com [209.85.147.103] z 32 bajtami danych:
Odpowiedź z 209.85.147.103: bajtów=32 czas=66ms TTL=54
Odpowiedź z 209.85.147.103: bajtów=32 czas=65ms TTL=53

Statystyka badania ping dla 209.85.147.103:
Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0 (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 65 ms, Maksimum = 66 ms, Czas średni = 65 ms

Badanie yahoo.com [72.30.2.43] z 32 bajtami danych:
Odpowiedź z 72.30.2.43: bajtów=32 czas=212ms TTL=53
Odpowiedź z 72.30.2.43: bajtów=32 czas=212ms TTL=53

Statystyka badania ping dla 72.30.2.43:
Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0 (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 212 ms, Maksimum = 212 ms, Czas średni = 212 ms
===========================================================================
Lista interfejsów
16...76 1a 04 f9 bc 59 ......Microsoft Virtual WiFi Miniport Adapter
14...00 27 13 a5 a6 da ......Bluetooth Device (Personal Area Network)
11...70 1a 04 f9 bc 59 ......Atheros AR9285 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
22...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

Tabela tras IPv4
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci Maska sieci Brama Interfejs Metryka
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Trasy trwałe:
Brak

Tabela tras IPv6
===========================================================================
Aktywne trasy:
Jeśli Metryka Miejsce docelowe w sieci Brama
21 58 ::/0 On-link
1 306 ::1/128 On-link
21 58 2001::/32 On-link
21 306 2001:0:4137:9e76:c2:3e85:3f57:fefd/128
On-link
21 306 fe80::/64 On-link
21 306 fe80::c2:3e85:3f57:fefd/128
On-link
1 306 ff00::/8 On-link
21 306 ff00::/8 On-link
===========================================================================
Trasy trwałe:
Brak

#12 imusewindows

imusewindows
  • Topic Starter

  • Members
  • 21 posts

Posted 03 March 2011 - 01:09 PM

My second computer connected to the router has the same problem.


Konfiguracja IP systemu Windows

Nazwa hosta . . . . . . . . . . . : PCXP
Sufiks podstawowej domeny DNS . . . . . . :
Typ węzła . . . . . . . . . . . . : Nieznany
Routing IP włączony . . . . . . . : Nie
Serwer WINS Proxy włączony. . . . : Nie

Karta Ethernet Połączenie lokalne:

Sufiks DNS konkretnego połączenia :
Opis . . . . . . . . . . . . . . : NVIDIA nForce Networking Controller
Adres fizyczny. . . . . . . . . . : 00-13-8F-18-39-43
DHCP włączone . . . . . . . . . . : Nie
Adres IP. . . . . . . . . . . . . : 192.168.1.10
Maska podsieci. . . . . . . . . . : 255.255.255.0
Brama domyślna. . . . . . . . . . : 192.168.1.1
Serwery DNS . . . . . . . . . . . : 192.168.1.1
NetBIOS przez Tcpip . . . . . . . : Wyłączony

Serwer: UnKnown
Address: 192.168.1.1

Nazwa: google.com
Addresses: 209.85.147.105, 209.85.147.106, 209.85.147.147, 209.85.147.99
209.85.147.103, 209.85.147.104

Serwer: UnKnown
Address: 192.168.1.1

Nazwa: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56



Badanie google.com [209.85.147.99] z użyciem 32 bajtów danych:

Odpowiedź z 209.85.147.99: bajtów=32 czas=65ms TTL=55
Odpowiedź z 209.85.147.99: bajtów=32 czas=65ms TTL=55

Statystyka badania ping dla 209.85.147.99:
Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0 (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 65 ms, Maksimum = 65 ms, Czas średni = 65 ms

Badanie yahoo.com [98.137.149.56] z użyciem 32 bajtów danych:

Odpowiedź z 98.137.149.56: bajtów=32 czas=220ms TTL=52
Odpowiedź z 98.137.149.56: bajtów=32 czas=275ms TTL=52

Statystyka badania ping dla 98.137.149.56:
Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0 (0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 220 ms, Maksimum = 275 ms, Czas średni = 247 ms

===========================================================================
Lista interfejsów
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 8f 18 39 43 ...... NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów
===========================================================================
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci Maska sieci Brama Interfejs Metryka
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 20
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 20
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 20
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
Domyślna brama: 192.168.1.1.
===========================================================================
Trasy trwałe:
Brak
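
The two router.bat logs above can be checked mechanically for the symptom this thread turns on: a DNS server handed to the PC that is not the router and not a resolver the owner chose. The following is an added example, not code from this thread or from the helper. It parses the ipconfig /all section of such a log (the Polish labels are the ones in the posted logs; the English labels and header wording are assumed from standard ipconfig output), and flags per adapter every DNS server outside the adapter's own subnet that is not on a caller-supplied allowlist. The embedded samples are excerpts constructed from the values posted in #11 (hijacked: 173.193.227.124 and 173.192.105.217 assigned directly to the laptop) and from the post-reset state, where the router 192.168.1.1 is the resolver.

```python
"""Flag DNS servers in an ``ipconfig /all`` log that lie outside the LAN.

Added example, not code from this thread. It parses the ipconfig section of the
router.bat log (Polish labels as posted here; the English ones are assumed) and
reports DNS servers outside the adapter's subnet that are not on an allowlist.
"""
import ipaddress
import re

# Field labels: Polish as posted in this thread, English as assumed equivalents.
LABELS = {
    "ipv4": ("Adres IPv4", "Adres IP", "IPv4 Address", "IP Address"),
    "mask": ("Maska podsieci", "Subnet Mask"),
    "dns": ("Serwery DNS", "DNS Servers"),
}
LABEL_KEY = {n.lower(): k for k, names in LABELS.items() for n in names}
# Adapter header: "Karta ...:" (Polish) or "... adapter ...:" (English).
HEADER_RE = re.compile(r"^(Karta\b.*|.*\badapter\b.*):$", re.IGNORECASE)
# "Label . . . : value"; the forum stripped indentation, so none is assumed.
FIELD_RE = re.compile(r"^(?P<label>[^.:]+?)[ .]*:\s*(?P<value>.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}")


def parse_ipconfig(text):
    """Return one dict per adapter: name, ipv4, mask, dns (list of strings)."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER_RE.match(line):
            current = {"name": line[:-1].strip(), "ipv4": None, "mask": None, "dns": []}
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue  # host-level lines before the first adapter
        m = FIELD_RE.match(line)
        if m is None:
            # Unlabelled continuation line: the second DNS server in the posted log.
            if last_key == "dns" and IPV4_RE.match(line):
                current["dns"].append(IPV4_RE.match(line).group(0))
            continue
        key = LABEL_KEY.get(m.group("label").strip().lower())
        ipv4 = IPV4_RE.match(m.group("value").strip())
        if key == "dns" and ipv4:
            current["dns"].append(ipv4.group(0))
        elif key in ("ipv4", "mask") and ipv4:
            current[key] = ipv4.group(0)
        last_key = key
    return adapters


def check_dns(adapters, allowlist=()):
    """Classify each DNS server: 'lan' (inside the adapter's subnet, normally the
    router, whose own upstream DNS setting still needs checking), 'allowed' (on
    the caller's allowlist, e.g. ISP or OpenDNS resolvers) or 'suspect'."""
    allowed = {ipaddress.IPv4Address(a) for a in allowlist}
    findings = []
    for ad in adapters:
        if not (ad["ipv4"] and ad["mask"] and ad["dns"]):
            continue  # disconnected adapter or no DNS configured
        net = ipaddress.IPv4Network((ad["ipv4"], ad["mask"]), strict=False)
        for server in ad["dns"]:
            addr = ipaddress.IPv4Address(server)
            verdict = "lan" if addr in net else "allowed" if addr in allowed else "suspect"
            findings.append((ad["name"], server, verdict))
    return findings


# Excerpt constructed from the values posted in #11 (the hijacked state).
SAMPLE_HIJACKED = """\
Nazwa hosta . . . . . . . . . . . : User-HP

Karta bezprzewodowej sieci LAN Połączenie sieci bezprzewodowej:

Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Adres IPv4. . . . . . . . . . . . . : 192.168.1.2(Preferowane)
Maska podsieci. . . . . . . . . . : 255.255.255.0
Brama domyślna. . . . . . . . . . : 192.168.1.1
Serwery DNS . . . . . . . . . . . : 173.193.227.124
173.192.105.217

Karta tunelowa Teredo Tunneling Pseudo-Interface:

Adres IPv6. . . . . . . . . . . . : 2001:0:4137:9e76:c2:3e85:3f57:fefd(Preferowane)
"""

# Constructed English-label excerpt of the expected post-reset state (as in #14).
SAMPLE_RESET = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
```

A 'lan' verdict, as on the second PC in #12, only moves the question to the router: its admin page must show the ISP or OpenDNS resolvers, not unknown addresses.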

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2011 - 06:31 PM

Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose Save as type - All Files and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

#14 imusewindows

imusewindows
  • Topic Starter

  • Members
  • 21 posts

Posted 05 March 2011 - 04:20 AM

Konfiguracja IP systemu Windows

Nazwa hosta . . . . . . . . . . . : User-HP
Sufiks podstawowej domeny DNS . . :
Typ węzła . . . . . . . . . . . . : Hybrydowy
Routing IP włączony . . . . . . . : Nie
Serwer WINS Proxy włączony. . . . : Nie

Karta bezprzewodowej sieci LAN Połączenie sieci bezprzewodowej 2:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Adres fizyczny. . . . . . . . . . : 76-1A-04-F9-BC-59
DHCP włączone . . . . . . . . . . : Tak
Autokonfiguracja włączona . . . . : Tak

Karta Ethernet Połączenie sieciowe Bluetooth:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Adres fizyczny. . . . . . . . . . : 00-27-13-A5-A6-DA
DHCP włączone . . . . . . . . . . : Tak
Autokonfiguracja włączona . . . . : Tak

Karta bezprzewodowej sieci LAN Połączenie sieci bezprzewodowej:

Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Adres fizyczny. . . . . . . . . . : 70-1A-04-F9-BC-59
DHCP włączone . . . . . . . . . . : Tak
Autokonfiguracja włączona . . . . : Tak
Adres IPv4. . . . . . . . . . . . . : 192.168.1.2(Preferowane)
Maska podsieci. . . . . . . . . . : 255.255.255.0
Dzierżawa uzyskana. . . . . . . . : 5 marca 2011 08:33:54
Dzierżawa wygasa. . . . . . . . . : 8 marca 2011 08:33:58
Brama domyślna. . . . . . . . . . : 192.168.1.1
Serwer DHCP . . . . . . . . . . . : 192.168.1.1
Serwery DNS . . . . . . . . . . . : 192.168.1.1
NetBIOS przez Tcpip . . . . . . . : Włączony

Karta tunelowa Połączenie lokalne* 9:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Microsoft 6to4 Adapter
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{1EE82BE7-6568-4653-9C49-3499D8E9480E}:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak

Karta tunelowa Teredo Tunneling Pseudo-Interface:

Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak
Adres IPv6. . . . . . . . . . . . : 2001:0:5ef5:79fd:5a:205a:3f57:fefd(Preferowane)
Adres IPv6 połączenia lokalnego . : fe80::5a:205a:3f57:fefd%21(Preferowane)
Brama domyślna. . . . . . . . . . : ::
NetBIOS przez Tcpip . . . . . . . : Wyłączony

Karta tunelowa isatap.{5012D2B3-E302-499D-9AC4-1B4E291860A3}:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #3
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak

Karta tunelowa isatap.{D446FC32-8BA9-4CCB-8EB9-FDAD0A0277D6}:

Stan nośnika . . . . . . . . . . .: Nośnik odłączony
Sufiks DNS konkretnego połączenia :
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #4
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP włączone . . . . . . . . . . : Nie
Autokonfiguracja włączona . . . . : Tak
Serwer: UnKnown
Address: 192.168.1.1

Nazwa: google.com
Addresses: 74.125.230.84
74.125.230.83
74.125.230.82
74.125.230.81
74.125.230.80

Serwer: UnKnown
Address: 192.168.1.1

Nazwa: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Badanie google.com [74.125.230.82] z 32 bajtami danych:
Odpowiedź z 74.125.230.82: bajtów=32 czas=61ms TTL=55
Odpowiedź z 74.125.230.82: bajtów=32 czas=54ms TTL=56

Statystyka badania ping dla 74.125.230.82:
Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
(0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 54 ms, Maksimum = 61 ms, Czas średni = 57 ms

Badanie yahoo.com [98.137.149.56] z 32 bajtami danych:
Odpowiedź z 98.137.149.56: bajtów=32 czas=210ms TTL=52
Odpowiedź z 98.137.149.56: bajtów=32 czas=209ms TTL=52

Statystyka badania ping dla 98.137.149.56:
Pakiety: Wysłane = 2, Odebrane = 2, Utracone = 0
(0% straty),
Szacunkowy czas błądzenia pakietów w millisekundach:
Minimum = 209 ms, Maksimum = 210 ms, Czas średni = 209 ms
===========================================================================
Lista interfejsów
16...76 1a 04 f9 bc 59 ......Microsoft Virtual WiFi Miniport Adapter
14...00 27 13 a5 a6 da ......Bluetooth Device (Personal Area Network)
11...70 1a 04 f9 bc 59 ......Atheros AR9285 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
22...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
33...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #3
34...00 00 00 00 00 00 00 e0 Karta Microsoft ISATAP #4
===========================================================================

Tabela tras IPv4
===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci Maska sieci Brama Interfejs Metryka
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Trasy trwałe:
Brak

Tabela tras IPv6
===========================================================================
Aktywne trasy:
Jeśli Metryka Miejsce docelowe w sieci Brama
21 58 ::/0 On-link
1 306 ::1/128 On-link
21 58 2001::/32 On-link
21 306 2001:0:5ef5:79fd:5a:205a:3f57:fefd/128 On-link
21 306 fe80::/64 On-link
21 306 fe80::5a:205a:3f57:fefd/128 On-link
1 306 ff00::/8 On-link
21 306 ff00::/8 On-link
===========================================================================
Trasy trwałe:
Brak

I guess it is ok

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 05 March 2011 - 09:31 AM

How are the redirects now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic





