
Google Redirect fixed (I think) but still experiencing blue screen of death



#1 Glow Of Love


Posted 11 April 2011 - 05:32 PM

Hi there.

This all began when my McAfee software seemed to be working but somehow the firewall had stopped working and I didn't know it. I downloaded something (because I had no idea my firewall was down) and BAM! I started having blue screen restarts, Google search redirects, and my machine began running veeery slowly. So I uninstalled McAfee because it was a 60-day trial and I knew no way of uninstalling it. So I have here Avast pro now. It found and removed some things and scans with no results anymore, as does Malwarebytes. I just don't know what else to do. I am a part-time graphic designer at home and I can't finish the work I am into for my clients if my computer gives up on me!

Thanks for listening,

Vicky

Here are my logs:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-11 16:49:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHZ2160BH_G1 rev.0040020C
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E62F9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F12AA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E631EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E631F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E63201A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E631E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E631F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E631E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E631FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E62F9EE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F12AB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E62F7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E62FA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E632412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E6304AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E631EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E631F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E632044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E631E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E631F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E631E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E631FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F12ABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E630370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E62FA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E62FA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E62F812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E62F94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E62F92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E62F972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E62FA7E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8308F589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B4092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 830BB824 4 Bytes [CA, F9, 62, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 830BB84C 4 Bytes [68, AA, 12, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 830BB900 8 Bytes [AC, 1E, 63, 8E, 04, 1F, 63, ...] {LODSB ; PUSH DS; ARPL [ESI-0x719ce0fc], CX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 830BB90C 4 Bytes [1A, 20, 63, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 830BB928 4 Bytes [02, 1E, 63, 8E]
.text ...
.text user32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00250120
.text user32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0025006C
.text user32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002500E4
.text user32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00250030
.text user32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002500A8

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\igfxpers.exe[112] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Windows\System32\igfxpers.exe[112] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Windows\System32\igfxpers.exe[112] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00240120
.text C:\Windows\System32\igfxpers.exe[112] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0024006C
.text C:\Windows\System32\igfxpers.exe[112] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002400E4
.text C:\Windows\System32\igfxpers.exe[112] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00240030
.text C:\Windows\System32\igfxpers.exe[112] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002400A8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00340120
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0034006C
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003400E4
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00340030
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[276] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003400A8
.text C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[328] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00170120
.text C:\Windows\system32\svchost.exe[328] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[328] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001700E4
.text C:\Windows\system32\svchost.exe[328] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00170030
.text C:\Windows\system32\svchost.exe[328] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001700A8
.text C:\Windows\system32\SearchIndexer.exe[332] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\SearchIndexer.exe[332] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\SearchIndexer.exe[332] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Windows\system32\SearchIndexer.exe[332] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Windows\system32\SearchIndexer.exe[332] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Windows\system32\SearchIndexer.exe[332] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Windows\system32\SearchIndexer.exe[332] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] user32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00250120
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] user32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0025006C
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] user32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002500E4
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] user32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00250030
.text C:\Program Files\Free Desktop Clock\DesktopClock.exe[368] user32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002500A8
.text C:\Windows\system32\wininit.exe[412] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[412] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[412] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 000F0120
.text C:\Windows\system32\wininit.exe[412] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 000F006C
.text C:\Windows\system32\wininit.exe[412] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 000F00E4
.text C:\Windows\system32\wininit.exe[412] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 000F0030
.text C:\Windows\system32\wininit.exe[412] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 000F00A8
.text C:\Program Files\DAP\DAP.exe[476] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\DAP\DAP.exe[476] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\DAP\DAP.exe[476] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00320120
.text C:\Program Files\DAP\DAP.exe[476] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0032006C
.text C:\Program Files\DAP\DAP.exe[476] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003200E4
.text C:\Program Files\DAP\DAP.exe[476] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00320030
.text C:\Program Files\DAP\DAP.exe[476] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003200A8
.text C:\Windows\system32\winlogon.exe[484] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0007006C
.text C:\Windows\system32\winlogon.exe[484] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00070030
.text C:\Windows\system32\winlogon.exe[484] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00140120
.text C:\Windows\system32\winlogon.exe[484] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0014006C
.text C:\Windows\system32\winlogon.exe[484] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001400E4
.text C:\Windows\system32\winlogon.exe[484] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00140030
.text C:\Windows\system32\winlogon.exe[484] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001400A8
.text C:\Windows\system32\services.exe[492] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[492] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\services.exe[492] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 001B0120
.text C:\Windows\system32\services.exe[492] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 001B006C
.text C:\Windows\system32\services.exe[492] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001B00E4
.text C:\Windows\system32\services.exe[492] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 001B0030
.text C:\Windows\system32\services.exe[492] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001B00A8
.text C:\Windows\system32\lsass.exe[508] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsass.exe[508] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\lsass.exe[508] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00290120
.text C:\Windows\system32\lsass.exe[508] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0029006C
.text C:\Windows\system32\lsass.exe[508] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002900E4
.text C:\Windows\system32\lsass.exe[508] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00290030
.text C:\Windows\system32\lsass.exe[508] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002900A8
.text C:\Windows\system32\lsm.exe[516] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsm.exe[516] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\lsm.exe[516] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00400120
.text C:\Windows\system32\lsm.exe[516] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0040006C
.text C:\Windows\system32\lsm.exe[516] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 004000E4
.text C:\Windows\system32\lsm.exe[516] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00400030
.text C:\Windows\system32\lsm.exe[516] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 004000A8
.text C:\Windows\system32\svchost.exe[656] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[656] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[656] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00310120
.text C:\Windows\system32\svchost.exe[656] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0031006C
.text C:\Windows\system32\svchost.exe[656] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003100E4
.text C:\Windows\system32\svchost.exe[656] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00310030
.text C:\Windows\system32\svchost.exe[656] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003100A8
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[744] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00170120
.text C:\Windows\system32\svchost.exe[744] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[744] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001700E4
.text C:\Windows\system32\svchost.exe[744] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00170030
.text C:\Windows\system32\svchost.exe[744] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001700A8
.text C:\Windows\System32\svchost.exe[808] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[808] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[808] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 001B0120
.text C:\Windows\System32\svchost.exe[808] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 001B006C
.text C:\Windows\System32\svchost.exe[808] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001B00E4
.text C:\Windows\System32\svchost.exe[808] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 001B0030
.text C:\Windows\System32\svchost.exe[808] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001B00A8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00330120
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0033006C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003300E4
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00330030
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[832] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003300A8
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A006C
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A0030
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00970120
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0097006C
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 009700E4
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00970030
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 009700A8
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] user32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00230120
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] user32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0023006C
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] user32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002300E4
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] user32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00230030
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[912] user32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002300A8
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 779651C0 5 Bytes JMP 0043000A
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 77965D40 5 Bytes JMP 009A000A
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!KiUserExceptionDispatcher 77966298 5 Bytes JMP 0042000A
.text C:\Windows\system32\svchost.exe[936] ole32.dll!CoCreateInstance 7641590C 5 Bytes JMP 00A8000A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!GetCursorPos 7765C198 5 Bytes JMP 010C000A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00410120
.text C:\Windows\system32\svchost.exe[936] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0041006C
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 004100E4
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00410030
.text C:\Windows\system32\svchost.exe[936] USER32.dll!GetForegroundWindow 7766565D 5 Bytes JMP 010E000A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!WindowFromPoint 77686D0C 5 Bytes JMP 010D000A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 004100A8
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 001B0120
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 001B006C
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001B00E4
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 001B0030
.text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001B00A8
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00240120
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0024006C
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002400E4
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00240030
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002400A8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1332] kernel32.dll!SetUnhandledExceptionFilter 76133162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\Dwm.exe[1404] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\Dwm.exe[1404] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\Dwm.exe[1404] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00160120
.text C:\Windows\system32\Dwm.exe[1404] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0016006C
.text C:\Windows\system32\Dwm.exe[1404] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001600E4
.text C:\Windows\system32\Dwm.exe[1404] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00160030
.text C:\Windows\system32\Dwm.exe[1404] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001600A8
.text C:\Windows\Explorer.EXE[1456] ntdll.dll!NtProtectVirtualMemory 779651C0 5 Bytes JMP 019E000A
.text C:\Windows\Explorer.EXE[1456] ntdll.dll!NtWriteVirtualMemory 77965D40 5 Bytes JMP 019F000A
.text C:\Windows\Explorer.EXE[1456] ntdll.dll!KiUserExceptionDispatcher 77966298 5 Bytes JMP 019D000A
.text C:\Windows\Explorer.EXE[1456] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00180120
.text C:\Windows\Explorer.EXE[1456] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0018006C
.text C:\Windows\Explorer.EXE[1456] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001800E4
.text C:\Windows\Explorer.EXE[1456] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00180030
.text C:\Windows\Explorer.EXE[1456] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001800A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0015006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00150030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00310120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0031006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003100E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00310030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1856] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003100A8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0017006C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00170030
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 001C0120
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 001C006C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001C00E4
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 001C0030
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1872] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001C00A8
.text C:\Windows\System32\spoolsv.exe[1912] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\spoolsv.exe[1912] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\spoolsv.exe[1912] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Windows\System32\spoolsv.exe[1912] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Windows\System32\spoolsv.exe[1912] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Windows\System32\spoolsv.exe[1912] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Windows\System32\spoolsv.exe[1912] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8
.text C:\Windows\system32\svchost.exe[1932] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1932] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1932] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00390120
.text C:\Windows\system32\svchost.exe[1932] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0039006C
.text C:\Windows\system32\svchost.exe[1932] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003900E4
.text C:\Windows\system32\svchost.exe[1932] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00390030
.text C:\Windows\system32\svchost.exe[1932] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003900A8
.text C:\Windows\system32\taskhost.exe[1936] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskhost.exe[1936] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00050030
.text C:\Windows\system32\taskhost.exe[1936] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00110120
.text C:\Windows\system32\taskhost.exe[1936] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0011006C
.text C:\Windows\system32\taskhost.exe[1936] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001100E4
.text C:\Windows\system32\taskhost.exe[1936] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00110030
.text C:\Windows\system32\taskhost.exe[1936] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001100A8
.text C:\Program Files\iCall\iCall.exe[1952] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\iCall\iCall.exe[1952] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\iCall\iCall.exe[1952] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 008F0120
.text C:\Program Files\iCall\iCall.exe[1952] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 008F006C
.text C:\Program Files\iCall\iCall.exe[1952] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 008F00E4
.text C:\Program Files\iCall\iCall.exe[1952] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 008F0030
.text C:\Program Files\iCall\iCall.exe[1952] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 008F00A8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00320120
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0032006C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003200E4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00320030
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2024] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003200A8
.text C:\Windows\System32\hkcmd.exe[2040] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Windows\System32\hkcmd.exe[2040] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Windows\System32\hkcmd.exe[2040] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00230120
.text C:\Windows\System32\hkcmd.exe[2040] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0023006C
.text C:\Windows\System32\hkcmd.exe[2040] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002300E4
.text C:\Windows\System32\hkcmd.exe[2040] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00230030
.text C:\Windows\System32\hkcmd.exe[2040] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002300A8
.text C:\Windows\System32\svchost.exe[2232] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[2232] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[2232] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 001B0120
.text C:\Windows\System32\svchost.exe[2232] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 001B006C
.text C:\Windows\System32\svchost.exe[2232] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001B00E4
.text C:\Windows\System32\svchost.exe[2232] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 001B0030
.text C:\Windows\System32\svchost.exe[2232] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001B00A8
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0007006C
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00070030
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 001C0120
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 001C006C
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001C00E4
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 001C0030
.text C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe[2488] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001C00A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] ntdll.dll!NtProtectVirtualMemory 779651C0 5 Bytes JMP 006F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] ntdll.dll!NtWriteVirtualMemory 77965D40 5 Bytes JMP 0173000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] ntdll.dll!KiUserExceptionDispatcher 77966298 5 Bytes JMP 0027000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00170120
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0017006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001700E4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00170030
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00230120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0023006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002300E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00230030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2776] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002300A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2912] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00220120
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0022006C
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002200E4
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00220030
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2952] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002200A8
.text C:\Windows\system32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[3060] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[3060] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00170120
.text C:\Windows\system32\svchost.exe[3060] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[3060] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001700E4
.text C:\Windows\system32\svchost.exe[3060] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00170030
.text C:\Windows\system32\svchost.exe[3060] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001700A8
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00220120
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0022006C
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002200E4
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00220030
.text C:\Program Files\iWin Games\iWinTrusted.exe[3084] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002200A8
.text C:\Windows\System32\svchost.exe[3184] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[3184] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[3184] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00140120
.text C:\Windows\System32\svchost.exe[3184] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0014006C
.text C:\Windows\System32\svchost.exe[3184] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001400E4
.text C:\Windows\System32\svchost.exe[3184] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00140030
.text C:\Windows\System32\svchost.exe[3184] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001400A8
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A006C
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A0030
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00160120
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0016006C
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001600E4
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00160030
.text C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe[3284] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001600A8
.text C:\Windows\System32\svchost.exe[3444] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[3444] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[3444] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00320120
.text C:\Windows\System32\svchost.exe[3444] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0032006C
.text C:\Windows\System32\svchost.exe[3444] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003200E4
.text C:\Windows\System32\svchost.exe[3444] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00320030
.text C:\Windows\System32\svchost.exe[3444] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003200A8
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00230120
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0023006C
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002300E4
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00230030
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3468] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002300A8
.text C:\Windows\system32\svchost.exe[3492] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[3492] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[3492] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00320120
.text C:\Windows\system32\svchost.exe[3492] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0032006C
.text C:\Windows\system32\svchost.exe[3492] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003200E4
.text C:\Windows\system32\svchost.exe[3492] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00320030
.text C:\Windows\system32\svchost.exe[3492] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003200A8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3560] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3636] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001700A8
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00320120
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0032006C
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003200E4
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00320030
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[3664] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003200A8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0017006C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00170030
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00240120
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0024006C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002400E4
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00240030
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002400A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3752] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8
.text C:\Windows\System32\svchost.exe[4056] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[4056] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[4056] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00530120
.text C:\Windows\System32\svchost.exe[4056] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0053006C
.text C:\Windows\System32\svchost.exe[4056] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 005300E4
.text C:\Windows\System32\svchost.exe[4056] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00530030
.text C:\Windows\System32\svchost.exe[4056] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 005300A8
.text C:\Windows\system32\svchost.exe[4076] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[4076] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[4076] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00410120
.text C:\Windows\system32\svchost.exe[4076] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0041006C
.text C:\Windows\system32\svchost.exe[4076] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 004100E4
.text C:\Windows\system32\svchost.exe[4076] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00410030
.text C:\Windows\system32\svchost.exe[4076] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 004100A8
.text C:\Windows\system32\svchost.exe[4532] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[4532] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A0030
.text C:\Windows\system32\svchost.exe[4532] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00330120
.text C:\Windows\system32\svchost.exe[4532] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0033006C
.text C:\Windows\system32\svchost.exe[4532] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 003300E4
.text C:\Windows\system32\svchost.exe[4532] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00330030
.text C:\Windows\system32\svchost.exe[4532] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 003300A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4748] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00220120
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0022006C
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002200E4
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00220030
.text C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe[4844] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002200A8
.text C:\Windows\System32\svchost.exe[5072] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[5072] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[5072] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00240120
.text C:\Windows\System32\svchost.exe[5072] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0024006C
.text C:\Windows\System32\svchost.exe[5072] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002400E4
.text C:\Windows\System32\svchost.exe[5072] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00240030
.text C:\Windows\System32\svchost.exe[5072] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002400A8
.text C:\Users\user\Desktop\gmer.exe[5152] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0016006C
.text C:\Users\user\Desktop\gmer.exe[5152] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00160030
.text C:\Users\user\Desktop\gmer.exe[5152] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00250120
.text C:\Users\user\Desktop\gmer.exe[5152] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0025006C
.text C:\Users\user\Desktop\gmer.exe[5152] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 002500E4
.text C:\Users\user\Desktop\gmer.exe[5152] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00250030
.text C:\Users\user\Desktop\gmer.exe[5152] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 002500A8
.text C:\Windows\System32\svchost.exe[5252] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[5252] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[5252] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00410120
.text C:\Windows\System32\svchost.exe[5252] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0041006C
.text C:\Windows\System32\svchost.exe[5252] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 004100E4
.text C:\Windows\System32\svchost.exe[5252] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00410030
.text C:\Windows\System32\svchost.exe[5252] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 004100A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 0006006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 00060030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] USER32.dll!UnhookWindowsHookEx 7765CC7B 5 Bytes JMP 00130120
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] USER32.dll!UnhookWinEvent 7765D924 5 Bytes JMP 0013006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] USER32.dll!SetWindowsHookExW 7766210A 5 Bytes JMP 001300E4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] USER32.dll!SetWinEventHook 7766507E 5 Bytes JMP 00130030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] USER32.dll!TrackPopupMenu 77684B3B 5 Bytes JMP 6D0B2024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5608] USER32.dll!SetWindowsHookExA 77686DFA 5 Bytes JMP 001300A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 01C5C7B0
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 01C5C810
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 01C5CA00
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01C5CAA0
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 01C5C1B0
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 01C5C170
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01C599A0
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01C59920
IAT C:\Program Files\DAP\DAP.exe[476] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 01C5C540
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3728] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [759C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G1____________________0040020C#5&38781d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{520c40ff-640d-11e0-92ee-001e3391c00f}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{520c40ff-640d-11e0-92ee-001e3391c00f}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{520c40ff-640d-11e0-92ee-001e3391c00f}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-3218E401.pf 19122 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 474 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 15:37:09.45 on 11/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1916.441 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iCall\iCall.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/videodownloadtoolbar/{5E68D1C8-2D01-4604-BB1E-9D1FE5DFE6E6}
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iCall Internet Phone] "c:\program files\icall\iCall.exe" /startup
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\4wlmak4r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\extensions\firefoxextensions@keynote.com\components\FFConnectorLauncher.dll
FF - component: c:\program files\mozilla firefox\extensions\firefoxextensions@keynote.com\components\FFSource.dll
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - component: c:\programdata\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_1.0.1.8\coffnst\components\coFFNST.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Keynote Connector Extension: firefoxextensions@keynote.com - c:\program files\mozilla firefox\extensions\firefoxextensions@keynote.com
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
FF - Ext: Norton Safe Web Lite Toolbar: {203FB6B2-2E1E-4474-863B-4C483ECCE78E} - c:\programdata\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_1.0.1.8\coFFNST
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\programdata\iwin games\firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-4-10 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-4-10 192728]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-4-10 101976]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-10 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-10 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-10 53592]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-6-8 7168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2011-04-11 22:36:41 -------- d--h--w- c:\windows\PIF
2011-04-11 22:01:43 -------- d-----w- c:\program files\CCleaner
2011-04-11 07:48:03 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-11 06:01:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 06:01:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 05:29:53 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-04-11 05:29:17 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-11 05:29:17 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-04-11 05:29:16 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-11 05:28:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-04-11 05:28:09 40648 ----a-w- c:\windows\avastSS.scr
2011-04-11 05:27:57 -------- d-----w- c:\program files\AVAST Software
2011-04-11 05:27:57 -------- d-----w- c:\progra~2\AVAST Software
2011-04-11 05:04:24 -------- d-----w- c:\users\user\appdata\local\Immunet
2011-04-11 05:04:24 -------- d-----w- c:\progra~2\Immunet
2011-04-11 04:42:16 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-11 04:42:12 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e71e5a2f-4527-4daa-b099-6d59a18674dd}\mpengine.dll
2011-04-07 00:50:18 -------- d-----w- c:\program files\Living Books
2011-04-07 00:50:13 289280 ----a-w- c:\windows\uninst.exe
2011-03-23 07:23:26 94040 ----a-w- c:\program files\common files\windows live\.cache\32cf4c421cbe92b18\DSETUP.dll
2011-03-23 07:23:26 525656 ----a-w- c:\program files\common files\windows live\.cache\32cf4c421cbe92b18\DXSETUP.exe
2011-03-23 07:23:26 1691480 ----a-w- c:\program files\common files\windows live\.cache\32cf4c421cbe92b18\dsetup32.dll
2011-03-23 07:21:48 -------- d-----w- c:\users\user\appdata\local\Windows Live
2011-03-23 07:18:25 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-23 07:16:51 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-23 07:16:51 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-23 07:16:51 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-23 07:16:51 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-23 07:16:35 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-23 07:16:35 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 07:16:31 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-23 07:16:31 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-15 03:44:38 -------- d-----w- c:\program files\iPod
2011-03-15 03:44:28 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-02-14 09:30:55 503808 ----a-w- c:\windows\Data Papers Clock.scr
2011-02-14 09:30:49 606848 ----a-w- c:\windows\flashax.exe
2011-02-14 09:30:49 12288 ----a-w- c:\windows\impborl.dll
2011-02-14 07:51:17 45056 ----a-w- c:\windows\system32\sstunst3.exe
2011-02-14 07:34:12 2262648 ----a-w- c:\windows\system32\Flash9b.ocx
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 20:14:16 101888 ----a-w- c:\windows\system32\gpkcsp.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: FUJITSU_MHZ2160BH_G1 rev.0040020C -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x861CE439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x861d47d0]; MOV EAX, [0x861d484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8303D448] -> \Device\Harddisk0\DR0[0x853D9598]
3 CLASSPNP[0x88C0459E] -> ntkrnlpa!IofCallDriver[0x8303D448] -> [0x85CC4900]
5 ACPI[0x838913B2] -> ntkrnlpa!IofCallDriver[0x8303D448] -> \IdeDeviceP0T0L0-0[0x85CC1908]
\Driver\atapi[0x861B4870] -> IRP_MJ_CREATE -> 0x861CE439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G1____________________0040020C#5&38781d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 15:40:56.40 ===============

Edited by Glow Of Love, 11 April 2011 - 06:51 PM.




#2 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:10 PM

Posted 16 April 2011 - 02:52 PM

Welcome to BC.

We'll start off with this.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Please also attach the file Attach.txt on your desktop in your reply.

Edited by heir, 16 April 2011 - 03:13 PM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#3 heir


Posted 23 April 2011 - 02:03 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
