
Search Redirects, Script Errors, Sound Clips



#1 DBaker5


Posted 17 May 2011 - 11:54 PM

Hello, my name is David and I have followed several of the other forum posts which seem to have similar problems. It appears that each post takes a specific resolution based on my system, and thus I am posting my information. Thanks in advance for your help.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David Baker at 21:29:24.79 on Tue 05/17/2011
Internet Explorer: 9.0.8112.16421
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ZumoDrive] c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk
uRun: [Syncables] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
.
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? MpKsl47bc74b0;MpKsl47bc74b0
R? MpKsl74721035;MpKsl74721035
R? MpKsld8eb7ebd;MpKsld8eb7ebd
R? netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
R? osppsvc;Office Software Protection Platform
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? AESTFilters;Andrea ST Filters Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? CbFs;CbFs
S? CinemaNow Service;CinemaNow Service
S? cvhsvc;Client Virtualization Handler
S? DVMIO;DeviceVM IO Service
S? DvmMDES;DeviceVM Meta Data Export Service
S? HP Wireless Assistant Service;HP Wireless Assistant Service
S? HPDrvMntSvc.exe;HP Quick Synchronization Service
S? HPWMISVC;HPWMISVC
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl131e66ef;MpKsl131e66ef
S? MpKslef3d9bb2;MpKslef3d9bb2
S? MpNWMon;Microsoft Malware Protection Network Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? RTL8167;Realtek 8167 NT Driver
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2011-05-17 04:44:00 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ae2d5880-2a2c-49fe-ad8f-89852cb3efa4}\MpKslef3d9bb2.sys
2011-05-17 04:42:42 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ae2d5880-2a2c-49fe-ad8f-89852cb3efa4}\mpengine.dll
2011-05-16 02:42:19 -------- d-----w- c:\program files\iPod
2011-05-16 02:34:03 -------- d-----w- c:\program files\Bonjour
2011-05-15 17:22:33 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-15 17:22:32 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-15 17:21:06 40112 ----a-w- c:\windows\avastSS.scr
2011-05-15 17:20:12 -------- d-----w- c:\program files\AVAST Software
2011-05-15 17:20:12 -------- d-----w- c:\progra~2\AVAST Software
2011-05-15 17:12:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 04:16:47 -------- d-----w- c:\users\davidb~1\appdata\roaming\AVG10
2011-05-11 04:15:24 -------- d--h--w- c:\progra~2\Common Files
2011-05-11 04:15:05 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-05-11 04:12:01 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-11 04:12:01 -------- d-----w- c:\progra~2\AVG10
2011-05-11 04:09:50 -------- d-----w- c:\program files\AVG
2011-05-11 04:00:12 -------- d-----w- c:\progra~2\MFAData
2011-05-09 00:42:13 -------- d-----w- c:\windows\system32\SPReview
2011-05-09 00:12:11 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-08 18:22:42 -------- d-----w- c:\users\davidb~1\appdata\local\{00E841EA-BA66-4BD8-BA46-21477D140193}
2011-05-08 10:17:42 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{73e3fae6-2cc4-48c6-b848-e814c4afa558}\gapaengine.dll
2011-05-08 10:08:24 -------- d-----w- c:\windows\system32\EventProviders
2011-05-08 10:07:48 -------- d-----w- c:\windows\system32\x64
2011-05-08 10:02:52 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-08 10:02:20 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-05-08 09:17:21 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-06 16:46:01 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7ec5b1b2-6607-44c9-8722-77f0167b0928}\mpengine.dll
2011-04-28 16:00:48 -------- d-----w- c:\users\davidb~1\appdata\local\{36B3A18F-2D5B-425B-AE4C-DC693DB0114C}
2011-04-28 15:56:00 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 15:55:48 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-28 15:55:48 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-28 15:55:47 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-28 15:55:47 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-28 15:55:47 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-28 15:55:47 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-28 15:55:47 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-28 15:55:47 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-28 15:55:47 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-28 15:55:43 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 15:55:42 2614784 ----a-w- c:\windows\explorer.exe
2011-04-26 07:13:25 -------- d-----w- c:\users\davidb~1\appdata\local\LogMeIn
2011-04-26 07:13:25 -------- d-----w- c:\progra~2\LogMeIn
2011-04-22 08:51:31 -------- d-----w- c:\users\davidb~1\appdata\roaming\Malwarebytes
2011-04-22 08:51:16 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-22 08:51:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 04:03:35 -------- d-----w- c:\users\davidb~1\appdata\local\{B7B269F2-9BEF-4815-AD25-1259E2EDE22B}
2011-04-22 03:58:19 -------- d-----w- c:\program files\Microsoft
2011-04-22 03:51:17 -------- d-----w- c:\users\davidb~1\appdata\local\Google
2011-04-22 03:17:15 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-21 04:26:13 -------- d-----w- c:\users\davidb~1\appdata\local\temp
2011-04-21 04:03:47 98816 ----a-w- c:\windows\sed.exe
2011-04-21 04:03:47 89088 ----a-w- c:\windows\MBR.exe
2011-04-21 04:03:47 256512 ----a-w- c:\windows\PEV.exe
2011-04-21 04:03:47 161792 ----a-w- c:\windows\SWREG.exe
2011-04-21 03:47:24 -------- d-----w- C:\temp
2011-04-20 21:33:26 -------- d-----w- c:\users\davidb~1\appdata\local\{5F09927E-07B2-468F-993A-16FF4B9F4CF0}
2011-04-20 05:31:40 -------- d-----w- c:\users\davidb~1\appdata\local\{5F7B6CB3-8FAC-4580-BD32-81107AADB2F9}
.
==================== Find3M ====================
.
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
============= FINISH: 21:45:35.54 ===============

.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4 MUI
Adobe Shockwave Player 11.5
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG 2011
Bejeweled 2 Deluxe
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite
D3DX10
Diner Dash 2 Restaurant Rescue
Dream Chronicles
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote
FATE
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP HomeBase
HP Media Suite CinemaNow
HP Power Manager
HP Quick Launch
HP QuickSync
HP QuickWeb Installer
HP Setup
HP Software Framework
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 24
Jewel Quest - Heritage
Jewel Quest II
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Penguins!
Plants vs. Zombies
Polar Bowler
Power2Go
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skip-Bo - Castaway Caper
Slingo Deluxe
Synaptics Pointing Device Driver
Tradewinds Legends
Virtual Villagers - The Secret City
Wedding Dash
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== End Of File ===========================

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-16 23:09:03
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925041 rev.0006
Running: gmer.exe; Driver: C:\Users\DAVIDB~1\AppData\Local\Temp\uwldquod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8A84C202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8B109CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8A84E81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8A84E874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8A84E98A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8A84E772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8A84E8C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8A84E7C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8A84E938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8A84C226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8B109D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8A84BFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8A84C24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8A84ED82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8A84CCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8A84E84C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8A84E89C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8A84E9B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8A84E79E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7BAC7A0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8A84E904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8A84E7F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8A84E962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8B109DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8A84CBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8A84C26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8A84C292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8A84C04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8A84C186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8A84C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8A84C1AA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7BAC848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA7BAC8E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8A84C2B6]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA7BAC980]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B11F902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81A85589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 81AB1824 4 Bytes [02, C2, 84, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 81AB184C 4 Bytes [B2, 9C, 10, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 81AB1900 8 Bytes [1C, E8, 84, 8A, 74, E8, 84, ...] {SBB AL, 0xe8; TEST [EDX-0x757b178c], CL}
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 81AB190C 4 Bytes [8A, E9, 84, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 81AB1928 4 Bytes [72, E7, 84, 8A]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81C4B2CB 5 Bytes JMP 8B11B2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 81C65003 5 Bytes JMP 8B11CD74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 81CAF5CA 4 Bytes CALL 8A84D34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 81CB76A5 4 Bytes CALL 8A84D361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81D1D2F4 7 Bytes JMP 8B11F906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCB3D817-409C-40BD-BE02-D2C7B1E6635C}\MpKsl131e66ef.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[112] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[112] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[112] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\Explorer.EXE[112] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[112] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[112] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[112] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[112] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00150600
.text C:\Windows\Explorer.EXE[112] WININET.dll!HttpAddRequestHeadersA 76AB1B9C 5 Bytes JMP 002118D5
.text C:\Windows\Explorer.EXE[112] WININET.dll!HttpAddRequestHeadersW 76AFF7A8 5 Bytes JMP 00211A9D
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[232] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[232] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[232] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[232] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[232] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00180600
.text C:\Windows\system32\csrss.exe[600] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[652] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[652] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[652] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[652] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[652] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[652] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[652] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[652] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\wininit.exe[748] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[748] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[748] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\wininit.exe[748] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[748] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[748] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[748] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[748] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00050600
.text C:\Windows\system32\csrss.exe[756] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[816] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[816] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[816] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[816] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\services.exe[840] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[840] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[840] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\lsass.exe[864] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[864] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[864] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\lsm.exe[872] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[872] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[872] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000A03FC
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000A01F8
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00130A08
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001303FC
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00130804
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001301F8
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1172] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00130600
.text C:\Windows\System32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1276] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00360A08
.text C:\Windows\System32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 003603FC
.text C:\Windows\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00360804
.text C:\Windows\System32\svchost.exe[1276] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 003601F8
.text C:\Windows\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00360600
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 002E0A08
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002E03FC
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 002E0804
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002E01F8
.text C:\Windows\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 002E0600
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00DF0A08
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 00DF03FC
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00DF0804
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 00DF01F8
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00DF0600
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00190A08
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001903FC
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00190804
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001901F8
.text C:\Program Files\IDT\WDM\STacSV.exe[1436] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 002D0A08
.text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002D03FC
.text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 002D0804
.text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002D01F8
.text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 002D0600
.text C:\Windows\system32\svchost.exe[1780] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1780] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1780] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1780] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00340A08
.text C:\Windows\system32\svchost.exe[1780] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 003403FC
.text C:\Windows\system32\svchost.exe[1780] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00340804
.text C:\Windows\system32\svchost.exe[1780] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 003401F8
.text C:\Windows\system32\svchost.exe[1780] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00340600
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1868] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000A0A08
.text C:\Windows\system32\WLANExt.exe[1868] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000A03FC
.text C:\Windows\system32\WLANExt.exe[1868] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000A0804
.text C:\Windows\system32\WLANExt.exe[1868] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\WLANExt.exe[1868] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000A0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 75F63162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1876] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\conhost.exe[1884] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\conhost.exe[1884] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\conhost.exe[1884] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\conhost.exe[1884] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00050A08
.text C:\Windows\system32\conhost.exe[1884] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000503FC
.text C:\Windows\system32\conhost.exe[1884] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00050804
.text C:\Windows\system32\conhost.exe[1884] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000501F8
.text C:\Windows\system32\conhost.exe[1884] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00050600
.text C:\Windows\system32\taskhost.exe[1920] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1920] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1920] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000E0600
.text C:\Program Files\iPod\bin\iPodService.exe[2024] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\iPod\bin\iPodService.exe[2024] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\iPod\bin\iPodService.exe[2024] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2024] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00190A08
.text C:\Program Files\iPod\bin\iPodService.exe[2024] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001903FC
.text C:\Program Files\iPod\bin\iPodService.exe[2024] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00190804
.text C:\Program Files\iPod\bin\iPodService.exe[2024] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001901F8
.text C:\Program Files\iPod\bin\iPodService.exe[2024] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\Dwm.exe[2036] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2036] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2036] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2036] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2036] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2036] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2036] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2036] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000F0600
.text C:\Program Files\IDT\WDM\aestsrv.exe[2136] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\aestsrv.exe[2136] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\aestsrv.exe[2136] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2172] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2212] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000F03FC
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000F0804
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000F01F8
.text C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[2256] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000F0600
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000903FC
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000901F8
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00130A08
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001303FC
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00130804
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001301F8
.text c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2288] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00130600
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 002F0A08
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002F03FC
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 002F0804
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002F01F8
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[2300] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 002F0600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[2320] KERNEL32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000F0804
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2404] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000803FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00080804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000801F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2428] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00090804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2672] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[2708] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2708] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2760] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00090600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2816] KERNEL32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Users\David Baker\Downloads\gmer\gmer.exe[2856] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 001F0804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2932] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3108] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\AUDIODG.EXE[3192] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00080A08
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000803FC
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00080804
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000801F8
.text C:\Program Files\AVG\AVG10\avgam.exe[3296] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[3488] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3488] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3488] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3488] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 002E0A08
.text C:\Windows\system32\svchost.exe[3488] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002E03FC
.text C:\Windows\system32\svchost.exe[3488] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 002E0804
.text C:\Windows\system32\svchost.exe[3488] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002E01F8
.text C:\Windows\system32\svchost.exe[3488] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 002E0600
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3504] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000F03FC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000F0804
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000F01F8
.text C:\Program Files\AVG\AVG10\avgnsx.exe[3608] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000F0600
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002003FC
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00200804
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002001F8
.text C:\Program Files\AVG\AVG10\avgemcx.exe[3624] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00200600
.text C:\Windows\system32\conhost.exe[3640] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\conhost.exe[3640] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\conhost.exe[3640] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\conhost.exe[3640] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\conhost.exe[3640] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\conhost.exe[3640] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\conhost.exe[3640] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\conhost.exe[3640] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe[3752] KERNEL32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3804] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00210600
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!EnableWindow 7623A72E 5 Bytes JMP 6F3C9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00130A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00130804
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!DialogBoxIndirectParamW 76264AA7 5 Bytes JMP 6F51590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!DialogBoxParamW 7626564A 5 Bytes JMP 6F3215BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00130600
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!DialogBoxParamA 7627CF6A 5 Bytes JMP 6F5158AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!DialogBoxIndirectParamA 7627D29C 5 Bytes JMP 6F515974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!MessageBoxIndirectA 7628E8C9 5 Bytes JMP 6F515831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!MessageBoxIndirectW 7628E9C3 5 Bytes JMP 6F5157B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!MessageBoxExA 7628EA29 5 Bytes JMP 6F515754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] USER32.dll!MessageBoxExW 7628EA4D 5 Bytes JMP 6F5156F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] WS2_32.dll!closesocket 75FF3BED 5 Bytes JMP 0052000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] WS2_32.dll!recv 75FF47DF 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] WS2_32.dll!connect 75FF48BE 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] WS2_32.dll!getaddrinfo 75FF6737 5 Bytes JMP 0055000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] WS2_32.dll!send 75FFC4C8 5 Bytes JMP 0053000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4192] WS2_32.dll!gethostbyname 76007133 5 Bytes JMP 0054000A
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00180A08
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001803FC
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00180804
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001801F8
.text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[4204] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00180600
.text C:\Program Files\IDT\WDM\sttray.exe[4280] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\sttray.exe[4280] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\sttray.exe[4280] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[4280] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\IDT\WDM\sttray.exe[4280] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001F03FC
.text C:\Program Files\IDT\WDM\sttray.exe[4280] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 001F0804
.text C:\Program Files\IDT\WDM\sttray.exe[4280] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001F01F8
.text C:\Program Files\IDT\WDM\sttray.exe[4280] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000803FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00080804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000801F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[4292] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00140804
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00140600
.text C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[4396] KERNEL32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4572] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 001A0600
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000F0804
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Microsoft Security Client\msseces.exe[4592] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000F0600
.text C:\Windows\System32\igfxtray.exe[4612] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[4612] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[4612] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[4612] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxtray.exe[4612] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxtray.exe[4612] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxtray.exe[4612] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxtray.exe[4612] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\hkcmd.exe[4664] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[4664] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[4664] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[4664] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[4664] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[4664] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[4664] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[4664] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[4672] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[4672] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[4672] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[4672] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxpers.exe[4672] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxpers.exe[4672] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxpers.exe[4672] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[4672] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\igfxsrvc.exe[4784] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[4784] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[4784] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[4784] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxsrvc.exe[4784] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxsrvc.exe[4784] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxsrvc.exe[4784] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxsrvc.exe[4784] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 001F0600
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002F03FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 002F0804
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002F01F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[4836] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 002F0600
.text C:\Windows\system32\SearchIndexer.exe[4892] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[4892] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[4892] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4892] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 001B0A08
.text C:\Windows\system32\SearchIndexer.exe[4892] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001B03FC
.text C:\Windows\system32\SearchIndexer.exe[4892] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 001B0804
.text C:\Windows\system32\SearchIndexer.exe[4892] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001B01F8
.text C:\Windows\system32\SearchIndexer.exe[4892] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 001B0600
.text C:\Windows\system32\taskhost.exe[4904] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[4904] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[4904] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[4904] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00220A08
.text C:\Windows\system32\taskhost.exe[4904] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002203FC
.text C:\Windows\system32\taskhost.exe[4904] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00220804
.text C:\Windows\system32\taskhost.exe[4904] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002201F8
.text C:\Windows\system32\taskhost.exe[4904] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00220600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4908] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 002603FC
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 002601F8
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 003103FC
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00310804
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 003101F8
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[5016] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00310600
.text C:\Windows\system32\conhost.exe[5044] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\conhost.exe[5044] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\conhost.exe[5044] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\conhost.exe[5044] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\conhost.exe[5044] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\conhost.exe[5044] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Windows\system32\conhost.exe[5044] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\conhost.exe[5044] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000903FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5052] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\wuauclt.exe[5092] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[5092] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[5092] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[5092] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\wuauclt.exe[5092] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\wuauclt.exe[5092] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Windows\system32\wuauclt.exe[5092] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\wuauclt.exe[5092] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000F0804
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe[5132] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5240] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00200600
.text C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[5412] KERNEL32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000B03FC
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000B01F8
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 000E0A08
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000E03FC
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 000E0804
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000E01F8
.text C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe[5448] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 000E0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00200804
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[5532] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00200600
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00080A08
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 000803FC
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00080804
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 000801F8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[5740] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 001003FC
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00100804
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 001001F8
.text C:\Program Files\iTunes\iTunesHelper.exe[6488] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00100600
.text C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[6704] KERNEL32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000703FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000701F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 00250A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 002503FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 00250804
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 002501F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe[7296] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00250600
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] kernel32.dll!CreateThread 75F6281D 5 Bytes JMP 6F387133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] kernel32.dll!GetBinaryTypeW + 70 75F77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CreateDialogParamW 76239BFF 5 Bytes JMP 6F515C79 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!EnableWindow 7623A72E 5 Bytes JMP 6F3C9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!GetAsyncKeyState 7623C09A 5 Bytes JMP 6F36DC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!UnhookWindowsHookEx 7623CC7B 5 Bytes JMP 6F40EB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CallNextHookEx 7623CC8F 5 Bytes JMP 6F3E7AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!UnhookWinEvent 7623D924 5 Bytes JMP 003303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!DefWindowProcA 7623E0E4 7 Bytes JMP 6F389345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CreateWindowExA 7623E18A 5 Bytes JMP 6F393173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CreateWindowExW 76240E51 5 Bytes JMP 6F3EFF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!SetWindowsHookExW 7624210A 5 Bytes JMP 6F3C1FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!GetKeyState 76244FDA 5 Bytes JMP 6F36DAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!SetWinEventHook 7624507E 5 Bytes JMP 003301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!IsDialogMessageW 76246F06 5 Bytes JMP 6F516406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!DefWindowProcW 7624724B 7 Bytes JMP 6F3E7B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CreateDialogParamA 76253E79 5 Bytes JMP 6F515C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!IsDialogMessage 7625407A 5 Bytes JMP 6F5163DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CreateDialogIndirectParamA 76259110 5 Bytes JMP 6F515CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!CreateDialogIndirectParamW 762608AD 5 Bytes JMP 6F515CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!DialogBoxIndirectParamW 76264AA7 5 Bytes JMP 6F51590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!EndDialog 7626555C 5 Bytes JMP 6F5166B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!DialogBoxParamW 7626564A 5 Bytes JMP 6F3215BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!SetKeyboardState 76266B52 5 Bytes JMP 6F516CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!SetWindowsHookExA 76266DFA 5 Bytes JMP 00330600
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!SendInput 76267055 5 Bytes JMP 6F516C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!SetCursorPos 7627C1D8 5 Bytes JMP 6F516D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!DialogBoxParamA 7627CF6A 5 Bytes JMP 6F5158AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!DialogBoxIndirectParamA 7627D29C 5 Bytes JMP 6F515974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!MessageBoxIndirectA 7628E8C9 5 Bytes JMP 6F515831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!MessageBoxIndirectW 7628E9C3 5 Bytes JMP 6F5157B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!MessageBoxExA 7628EA29 5 Bytes JMP 6F515754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!MessageBoxExW 7628EA4D 5 Bytes JMP 6F5156F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] USER32.dll!keybd_event 7628EC9B 5 Bytes JMP 6F516C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] SHELL32.dll!SHChangeNotification_Lock + 45BA 7534B440 4 Bytes [37, 01, 3C, 71] {AAA ; ADD [ECX+ESI*2], EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] SHELL32.dll!SHChangeNotification_Lock + 45C2 7534B448 8 Bytes [60, 61, 3B, 71, E1, F6, 3B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] ole32.dll!OleLoadFromStream 765B5BF6 5 Bytes JMP 6F516110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] ole32.dll!CoCreateInstance 7660590C 5 Bytes JMP 6F3EB6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] WS2_32.dll!closesocket 75FF3BED 5 Bytes JMP 0049000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] WS2_32.dll!recv 75FF47DF 5 Bytes JMP 0047000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] WS2_32.dll!connect 75FF48BE 5 Bytes JMP 0048000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] WS2_32.dll!getaddrinfo 75FF6737 5 Bytes JMP 0070000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] WS2_32.dll!send 75FFC4C8 5 Bytes JMP 004A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7668] WS2_32.dll!gethostbyname 76007133 5 Bytes JMP 004B000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs cbfs.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 85B021ED
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 85B021ED

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat cbfs.sys
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:280] 85B06E7A
Thread System [4:284] 85B09008

---- Files - GMER 1.0.15 ----

File C:\Users\David Baker\AppData\Roaming\Microsoft\Windows\Cookies\david_baker@lycos[1].txt 0 bytes
File C:\Users\David Baker\AppData\Roaming\Microsoft\Windows\Cookies\david_baker@opt.fimserve[1].txt 0 bytes
File C:\Users\David Baker\AppData\Roaming\Microsoft\Windows\Cookies\david_baker@scorecardresearch[1].txt 0 bytes
File C:\Users\David Baker\AppData\Roaming\Microsoft\Windows\Cookies\david_baker@traffikcntr[1].txt 0 bytes
File C:\Users\David Baker\AppData\Roaming\Microsoft\Windows\Cookies\david_baker@yahoo[1].txt 0 bytes
File C:\Users\David Baker\AppData\Roaming\Microsoft\Windows\Cookies\david_baker@yellowpages.lycos[2].txt 0 bytes
File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r2 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 41984 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{bdd2e40e-7f62-11e0-847c-68b5995b25ab}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{bdd2e40e-7f62-11e0-847c-68b5995b25ab}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{bdd2e40e-7f62-11e0-847c-68b5995b25ab}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----

#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:27 PM

Posted 20 May 2011 - 07:43 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
        • DDS.txt
        • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 23 May 2011 - 07:54 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

Posted 26 May 2011 - 03:06 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.