Redirecting Google Searches + Momentary Freezing



#1 CptRetro


Posted 21 September 2011 - 03:36 AM

To start, I am running Windows 7 64-bit on an ASUS. I use Avast! Antivirus and nothing else. I use Firefox as my web browser.
Within the past two weeks, when I would click on a search result from Google, I would be redirected to various scam sites (Find-fast-answers or whatever). Occasionally I would get through to the site I wanted.

Additionally, my computer has been momentarily freezing what is on screen, for a second or two, and then returning to normal for about 30 seconds before another short freeze. When watching an .avi file, for instance, the video freezes but the audio continues and when the freeze ends, the video skips to where the audio is at in the movie.

I ran Malwarebytes and it found 2 trojans, 4 spyware, and 4 malware and said it took care of them. (I have the log from that scan.) Things were normal for about a day, and then it is back to the redirect issue and freezing. Malwarebytes' scans haven't found anything else.

I know you guys get this a lot. I would really appreciate some guidance into ridding my computer of this nuisance. I am heading to college in two days and can't have some virus or whatever ruining my laptop.



#2 CptRetro


Posted 21 September 2011 - 04:13 AM

To start, I am running Windows 7 64-bit on an ASUS.


Correction: Windows 7, 32-bit

#3 Broni


Posted 21 September 2011 - 08:57 PM

Welcome aboard

Can you check if redirection happens in IE as well?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


 


#4 CptRetro


Posted 22 September 2011 - 12:11 AM

Thank you so much for your help!

Okay so after some tests, it does not redirect searches via Internet Explorer.

Here are the logs in order:

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Eusing Free Registry Cleaner
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.22)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````


And now for MiniToolBox:

MiniToolBox by Farbar
Ran by Mini Cat (administrator) on 21-09-2011 at 20:47:51
Windows 7 Professional Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :0

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="ethernet_10" nexthop=5.0.0.1 publish=Yes
set interface interface="ethernet_10" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Recon-17
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-6F-D8-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a53e:d05a:39f1:8f50%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 21, 2011 7:59:00 PM
Lease Expires . . . . . . . . . . : Thursday, September 22, 2011 7:59:00 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218111803
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-82-31-DA-00-22-15-0A-4C-C9
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-22-15-0A-4C-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:83d:3b75:b3e3:56d6(Preferred)
Link-local IPv6 Address . . . . . : fe80::83d:3b75:b3e3:56d6%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{234BE2AE-60F2-4AEC-8094-E121B8174ACD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.33.51
173.194.33.52
173.194.33.49
173.194.33.48
173.194.33.50


Pinging google.com [173.194.33.50] with 32 bytes of data:
Reply from 173.194.33.50: bytes=32 time=14ms TTL=54
Reply from 173.194.33.50: bytes=32 time=11ms TTL=54

Ping statistics for 173.194.33.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 14ms, Average = 12ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=52ms TTL=51
Reply from 72.30.2.43: bytes=32 time=53ms TTL=51

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 52ms, Maximum = 53ms, Average = 52ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f 3b 6f d8 fd ......Intel® Wireless WiFi Link 4965AGN
10...00 22 15 0a 4c c9 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.7 281
192.168.1.7 255.255.255.255 On-link 192.168.1.7 281
192.168.1.255 255.255.255.255 On-link 192.168.1.7 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.7 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.7 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:83d:3b75:b3e3:56d6/128
On-link
11 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::83d:3b75:b3e3:56d6/128
On-link
11 281 fe80::a53e:d05a:39f1:8f50/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/21/2011 08:31:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:16 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:15 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:15 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/21/2011 08:31:11 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (09/21/2011 07:59:01 PM) (Source: Service Control Manager) (User: )
Description: The lxdiCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/21/2011 07:59:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Error: (09/21/2011 07:58:54 PM) (Source: Service Control Manager) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (09/21/2011 07:58:25 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/21/2011 07:58:25 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/19/2011 03:37:48 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/17/2011 10:30:08 AM) (Source: Service Control Manager) (User: )
Description: The lxdiCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/17/2011 10:30:08 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Error: (09/17/2011 10:30:02 AM) (Source: Service Control Manager) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (09/17/2011 10:30:01 AM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (10/04/2010 00:09:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27619 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/28/2010 10:33:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 110342 seconds with 4980 seconds of active time. This session ended with a crash.

Error: (06/04/2010 10:07:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88155 seconds with 2640 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
3D Desktop Zombies! Screensaver v2.0 Trial Version
7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Active@ ISO Burner (Version: 2.1.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.9.1.0)
ASUS Security Protect Manager (Version: 2.1.0.880.18)
ATK Generic Function Service (Version: 1.00.0008)
Audiosurf
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1)
AuthenTec TrueSuite (Version: 2.0.0.57)
avast! Free Antivirus (Version: 6.0.1125.0)
Bonjour (Version: 3.0.0.2)
CDDRV_Installer (Version: 4.60)
Click to Call with Skype (Version: 5.6.8153)
Comcast High-Speed Internet Install Wizard
D3DX10 (Version: 15.4.2368.0902)
Epson CreativeZone
Epson Easy Photo Print 2 (Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 520 Series Printer Uninstall
EpsonNet Print (Version: 2.4i)
EpsonNet Setup 3.2 (Version: 3.2a)
erLT (Version: 1.20.0137)
Eusing Free Registry Cleaner
Fallout 3
Fallout Mod Manager 0.9.15
Fences
Fences (Version: 1.0)
FormatFactory 2.60 (Version: 2.60)
Fraps (remove only)
From Dust
GameSpy Arcade
GIMP 2.6.8
Gmask 1.70 English
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.69)
ITECIR Driver (Version: 1.00.000)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
KhalInstallWrapper (Version: 2.00.0000)
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Lexmark 3500-4500 Series
Lexmark Fax Solutions
Logitech SetPoint (Version: 4.80)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.672.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
Mozilla Firefox (3.6.22) (Version: 3.6.22 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
ObjectDock
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
Photomatix Pro version 4.0.2 (Version: 4.0.2)
PunkBuster Services (Version: 0.988)
Puran Defrag Free Edition 7.1
QuickTime (Version: 7.70.80.34)
Rainlendar2 (remove only)
Rainmeter (remove only)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
Skype™ 5.5 (Version: 5.5.114)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.3.1.0)
TrackMania Nations Forever
Ubisoft Game Launcher (Version: 1.0.0.0)
Vegas Movie Studio HD 9.0 (Version: 9.0.30)
Ventrilo Client (Version: 3.0.7)
VLC media player 1.1.11 (Version: 1.1.11)
Vuze (Version: 4.5)
Winamp (Version: 5.601 )
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (04/20/2007 5.0.0001.2) (Version: 04/20/2007 5.0.0001.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Mobile Device Updater Component (Version: 04.07.1404.00)
WinRAR archiver
Xvid 1.2.1 final uninstall (Version: 1.2)
yuPlay client 0.7.17
Zune (Version: 04.07.1404.00)
Zune Language Pack (DEU) (Version: 04.07.1404.00)
Zune Language Pack (ESP) (Version: 04.07.1404.00)
Zune Language Pack (FRA) (Version: 04.07.1404.00)
Zune Language Pack (ITA) (Version: 04.07.1404.00)
Zune Language Pack (NLD) (Version: 04.07.1404.00)
Zune Language Pack (PTB) (Version: 04.07.1404.00)
Zune Language Pack (PTG) (Version: 04.07.1404.00)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3071.24 MB
Available physical RAM: 1944.29 MB
Total Pagefile: 6140.77 MB
Available Pagefile: 5036.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:79.68 GB) NTFS

========================= Users: ========================================

User accounts for \\RECON-17

Administrator Guest Mini Cat


**** End of log ****


Ok so for Malwarebytes, I did a scan a week ago and found some infections. The scan I did tonight came up clean, so I'll post both.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 7731

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/17/2011 12:10:13 AM
mbam-log-2011-09-17 (00-10-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 380210
Time elapsed: 2 hour(s), 37 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\csc (Spyware.Password) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Mini Cat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\14a55bd4-346cbf0b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\winsxs\Backup\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321_csc.sys_06be9334 (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000bbc22f2f1406C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000bbc22f2f1406O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000bbc22f2f1406P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\02000000bbc22f2f1406S.manifest (Malware.Trace) -> Quarantined and deleted successfully.


And the scan from tonight:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 7731

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/21/2011 8:58:57 PM
mbam-log-2011-09-21 (20-58-57).txt

Scan type: Quick scan
Objects scanned: 179006
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And lastly for GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-21 22:10:11
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9250827AS rev.3.AAA
Running: cw78r8g9.exe; Driver: C:\Users\MINICA~1\AppData\Local\Temp\agdyrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8B395202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90A1DCB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8B39781C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8B397874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8B39798A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8B397772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8B3978C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8B3977C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8B397938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8B395226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90A1DD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8B394FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8B39524A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8B397D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8B395CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8B39784C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8B39789C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8B3979B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8B39779E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8B397904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8B3977F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8B397962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90A1DDFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8B395BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8B39526E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8B395292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8B39504A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8B395186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8B395162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8B3951AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8B3952B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90A33902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C55349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C95D80 4 Bytes [02, 52, 39, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C95DA8 4 Bytes [B2, DC, A1, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C95E5C 8 Bytes [1C, 78, 39, 8B, 74, 78, 39, ...] {SBB AL, 0x78; CMP [EBX-0x74c6878c], ECX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C95E68 4 Bytes [8A, 79, 39, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C95E84 4 Bytes [72, 77, 39, 8B]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E22BE8 5 Bytes JMP 90A2F2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E3B1B8 5 Bytes JMP 90A30D74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E502FF 4 Bytes CALL 8B39634B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E6A0D1 4 Bytes CALL 8B396361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EF3F10 7 Bytes JMP 90A33906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spsf.sys The system cannot find the path specified. !
init C:\Windows\System32\Drivers\ItSDisk.sys entry point in "init" section [0x8F385360]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91814000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 90AEEDB9 5 Bytes JMP 8685F1D8
PAGE peauth.sys 9D163B9B 72 Bytes [A7, E8, 7B, AC, AD, 99, C3, ...]
PAGE peauth.sys 9D16402C 102 Bytes [47, AB, E9, 8C, 19, 6F, B5, ...]
.text kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wbem\wmiprvse.exe[168] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[168] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[168] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[168] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wbem\wmiprvse.exe[168] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wbem\wmiprvse.exe[168] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wbem\wmiprvse.exe[168] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wbem\wmiprvse.exe[168] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe[380] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 002F0600
.text C:\Windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[516] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[516] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[516] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[516] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[516] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[516] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[516] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[516] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[528] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[564] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[564] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[564] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[588] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00040A08
.text C:\Windows\system32\lsass.exe[588] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 000403FC
.text C:\Windows\system32\lsass.exe[588] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00040804
.text C:\Windows\system32\lsass.exe[588] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 000401F8
.text C:\Windows\system32\lsass.exe[588] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00040600
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[660] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001C0A08
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001C03FC
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001C0804
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001C01F8
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001C0600
.text C:\Windows\system32\svchost.exe[748] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[748] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[748] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[820] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[820] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[920] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[920] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[920] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[920] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atiesrxx.exe[920] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atiesrxx.exe[920] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atiesrxx.exe[920] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atiesrxx.exe[920] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00400A08
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 004003FC
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00400804
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 004001F8
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00400600
.text C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1064] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00990A08
.text C:\Windows\System32\svchost.exe[1064] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 009903FC
.text C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00990804
.text C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 009901F8
.text C:\Windows\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00990600
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00F40A08
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 00F403FC
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00F40804
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 00F401F8
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00F40600
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1228] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00940A08
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 009403FC
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00940804
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 009401F8
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00940600
.text C:\Windows\system32\atieclxx.exe[1300] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1300] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1300] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\atieclxx.exe[1300] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\atieclxx.exe[1300] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\atieclxx.exe[1300] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\atieclxx.exe[1300] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001803FC
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00180804
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001801F8
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1560] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00180600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1584] kernel32.dll!SetUnhandledExceptionFilter 76BDF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1940] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1940] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1940] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00110A08
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001103FC
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00110804
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001101F8
.text C:\Windows\System32\spoolsv.exe[1940] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00110600
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[1972] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001103FC
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00110804
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00110600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2060] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00210600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 002003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00200804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 002001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\lxdicoms.exe[2252] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\lxdicoms.exe[2252] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\lxdicoms.exe[2252] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\lxdicoms.exe[2252] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\lxdicoms.exe[2252] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\lxdicoms.exe[2252] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\lxdicoms.exe[2252] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\lxdicoms.exe[2252] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\PnkBstrA.exe[2300] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001503FC
.text C:\Windows\system32\PnkBstrA.exe[2300] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001501F8
.text C:\Windows\system32\PnkBstrA.exe[2300] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\PnkBstrA.exe[2300] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001E0A08
.text C:\Windows\system32\PnkBstrA.exe[2300] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001E03FC
.text C:\Windows\system32\PnkBstrA.exe[2300] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001E0804
.text C:\Windows\system32\PnkBstrA.exe[2300] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001E01F8
.text C:\Windows\system32\PnkBstrA.exe[2300] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001E0600
.text C:\Windows\system32\PuranDefragS.exe[2368] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\PuranDefragS.exe[2368] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\PuranDefragS.exe[2368] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 000D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 000D03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 000D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 000D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 000D0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2616] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[2948] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2948] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2948] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2948] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\svchost.exe[2948] USER32.dll!UnhookWinEvent 7758B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWindowsHookExW 7758E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWinEventHook 775924DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWindowsHookExA 775B6D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[3084] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3252] ntdll.dll!LdrUnloadDll 7796C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\iPod\bin\iPodService.exe[3252] ntdll.dll!LdrLoadDll 779722B8 5 Bytes JMP 001601F8
.text C:\Program Files\iPod\bin\iPodService.exe[3252] kernel32.dll!GetBinaryTypeW + 70 76BF69F4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3252] USER32.dll!UnhookWindowsHookEx 7758ADF9 5 Bytes JMP 00200A08

#5 Broni

Posted 22 September 2011 - 06:16 PM

Uninstall Ask Toolbar, typical foistware.

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

#6 CptRetro


Posted 23 September 2011 - 03:19 AM

When I tried to uninstall Ask Toolbar via Add or Remove Programs, I had to close Firefox, and then it gave me this error message: "Error 1316.A network error occurred while attempting to read from the file c:\Windows\Installer\Ask Toolbar.msi"
This error stopped the uninstall process.

#7 CptRetro


Posted 23 September 2011 - 03:21 AM

Result from GooredFix, WITH AskToolbar still installed:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:20 on 23/09/2011 (Mini Cat)
Firefox version 3.6.22 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Mini Cat\Application Data\Mozilla\Firefox\Profiles\8at67k8l.default\extensions\{c1c695c9-2570-4608-aa2f-74eaefcef6ef}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [02:28 07/09/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:13 16/05/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [23:58 29/05/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [17:11 18/08/2010]

C:\Users\Mini Cat\Application Data\Mozilla\Firefox\Profiles\8at67k8l.default\extensions\
activegs@freetoolsassociation.com [19:46 27/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [01:18 29/05/2011]

-=E.O.F=-
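
Added example, not part of the original thread and not GooredFix's own code: a parser for the log format posted above that lists each registered Firefox extension by location and picks out those installed in the 30 days before the log was created. The 30-day window and all function names are assumptions; install recency is a triage cue for what to review first, not a verdict on any extension.

```python
import re
from datetime import datetime, timedelta

# The GooredFix log from the post above, embedded so the example runs offline.
SAMPLE_LOG = r'''GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:20 on 23/09/2011 (Mini Cat)
Firefox version 3.6.22 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Mini Cat\Application Data\Mozilla\Firefox\Profiles\8at67k8l.default\extensions\{c1c695c9-2570-4608-aa2f-74eaefcef6ef}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [02:28 07/09/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:13 16/05/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [23:58 29/05/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [17:11 18/08/2010]

C:\Users\Mini Cat\Application Data\Mozilla\Firefox\Profiles\8at67k8l.default\extensions\
activegs@freetoolsassociation.com [19:46 27/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [01:18 29/05/2011]

-=E.O.F=-
'''

TS_FORMAT = "%H:%M %d/%m/%Y"  # the log writes dates as day/month/year
CREATED_RE = re.compile(r"^Log created at (\d{2}:\d{2}) on (\d{2}/\d{2}/\d{4})")
DELETE_RE = re.compile(r'^Deleting "(.+)" -> (.+)$')
ENTRY_RE = re.compile(r"^(.+?) \[(\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]$")


def parse_gooredfix(text):
    """Split a GooredFix log into creation time, deletions and extension entries."""
    report = {"created": None, "deleted": [], "entries": []}
    location = None  # folder or registry key the following entries belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CREATED_RE.match(line)
        if m:
            stamp = f"{m.group(1)} {m.group(2)}"
            report["created"] = datetime.strptime(stamp, TS_FORMAT)
            continue
        m = DELETE_RE.match(line)
        if m:
            report["deleted"].append({"path": m.group(1), "result": m.group(2)})
            continue
        m = ENTRY_RE.match(line)
        if m and location:
            # Registry values look like "id"="path"; folder entries are the bare id.
            ext_id = m.group(1).split("=", 1)[0].strip('"')
            report["entries"].append({
                "id": ext_id,
                "location": location,
                "installed": datetime.strptime(m.group(2), TS_FORMAT),
            })
            continue
        # A new section starts with an extensions folder or a registry key.
        if line.endswith("\\") or (line.startswith("[HKEY_") and line.endswith("]")):
            location = line.strip("[]")
    return report


def recent_entries(report, days=30):
    """Entries installed within `days` before the log was created (assumed window)."""
    created = report["created"]
    cutoff = created - timedelta(days=days)
    return [e for e in report["entries"] if cutoff <= e["installed"] <= created]


if __name__ == "__main__":
    parsed = parse_gooredfix(SAMPLE_LOG)
    for d in parsed["deleted"]:
        print("removed by tool:", d["path"], "->", d["result"])
    for e in recent_entries(parsed):
        print("review first:", e["installed"].date(), e["id"], "in", e["location"])
```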

#8 Broni


Posted 23 September 2011 - 03:38 PM

How is redirection now?

Regarding Ask Toolbar uninstallation, try the free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html

Edited by Broni, 23 September 2011 - 03:38 PM.

#9 CptRetro


Posted 04 October 2011 - 07:00 PM

Thank you very much. The redirection is no longer an issue. I appreciate your help. Sorry for taking so long to respond. I moved into college that day you posted the tips.

#10 Broni


Posted 04 October 2011 - 07:04 PM

Very good :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=================================================================

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.
