
my comp wants me to reinstall windows


11 replies to this topic

#1 oldaero

oldaero

  • Members
  • 17 posts

Posted 25 September 2011 - 04:53 AM

I've been getting popups telling me that I need to reinstall Windows. I've ignored them, but now I have something different.

In the lower right-hand corner, I now have something new...
It says:
"Windows 7"
"build 7601"
"this copy of windows is not genuine"


I've searched here and found nothing....
I don't seem to have any problems with my comp.... but, this is not normal..

please help!!
Dan/oldaero



#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 26 September 2011 - 06:28 PM

Hi oldaero,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Go here: http://www.microsoft.com/genuine/validate and follow the steps to verify your Windows installation is valid.

Step 2: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 3: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Step 4: SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Step 5: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • Results of Windows validation
  • MiniToolBox log
  • Malwarebytes log
  • SuperAntiSpyware log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 



#3 oldaero

oldaero
  • Topic Starter

  • Members
  • 17 posts

Posted 28 September 2011 - 05:35 AM

Thanks, Jason... I'm not new here, just been lucky enough not to need help in a while... This has always been my best place to come if I have puter probs...

Anyways... I did my best to follow your instructions, and these are the results:
1st: I have an emachines 1300.... I'm still told that my windows is not validated...

You also asked for these logs:

MiniToolBox by Farbar
Ran by Diana (administrator) on 28-09-2011 at 03:19:54
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dan
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wowway.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : wowway.com
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-25-11-1E-44-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c9d5:44d6:9c67:1c65%10(Preferred)
IPv4 Address. . . . . . . . . . . : 24.192.120.57(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : Sunday, September 25, 2011 7:21:21 AM
Lease Expires . . . . . . . . . . : Wednesday, October 05, 2011 2:04:24 AM
Default Gateway . . . . . . . . . : 24.192.120.1
DHCP Server . . . . . . . . . . . : 172.31.15.246
DHCPv6 IAID . . . . . . . . . . . : 251666064
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-A8-36-33-00-25-11-1E-44-B6
DNS Servers . . . . . . . . . . . : 64.233.217.3
64.233.217.5
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 47:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1cd5:3a9a:e73f:87c6%51(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 872415232
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-A8-36-33-00-25-11-1E-44-B6
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 55:

Connection-specific DNS Suffix . : wowway.com
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:18c0:7839::18c0:7839(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 64.233.217.3
64.233.217.5
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.wowway.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wowway.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: try11-dns2.try.wideopenwest.com
Address: 64.233.217.3

Name: google.com
Addresses: 74.125.226.148
74.125.226.144
74.125.226.145
74.125.226.146
74.125.226.147


Pinging google.com [74.125.226.147] with 32 bytes of data:
Reply from 74.125.226.147: bytes=32 time=24ms TTL=58
Reply from 74.125.226.147: bytes=32 time=26ms TTL=58

Ping statistics for 74.125.226.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 26ms, Average = 25ms
Server: try11-dns2.try.wideopenwest.com
Address: 64.233.217.3

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=30ms TTL=52
Reply from 69.147.125.65: bytes=32 time=33ms TTL=52

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 33ms, Average = 31ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 25 11 1e 44 b6 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
51...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
60...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
61...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 24.192.120.1 24.192.120.57 20
24.192.120.0 255.255.248.0 On-link 24.192.120.57 276
24.192.120.57 255.255.255.255 On-link 24.192.120.57 276
24.192.127.255 255.255.255.255 On-link 24.192.120.57 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 24.192.120.57 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 24.192.120.57 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
60 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
60 1025 2002::/16 On-link
60 281 2002:18c0:7839::18c0:7839/128
On-link
10 276 fe80::/64 On-link
51 306 fe80::/64 On-link
51 306 fe80::1cd5:3a9a:e73f:87c6/128
On-link
10 276 fe80::c9d5:44d6:9c67:1c65/128
On-link
1 306 ff00::/8 On-link
51 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2011 03:14:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x00003c46
Faulting process id: 0x874
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 03:04:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000ed71
Faulting process id: 0x17a4
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 03:03:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x000007d5
Faulting process id: 0x1350
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 02:59:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000b07e
Faulting process id: 0x630
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 02:44:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000d837
Faulting process id: 0x8ac
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 02:29:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x0000b24c
Faulting process id: 0xc6c
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 02:26:54 AM) (Source: MsiInstaller) (User: Diana)Diana
Description: Product: Adobe Reader 9.4.6 - Update 'Adobe Reader 9.4.6 - CPSID_83708' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/28/2011 02:26:52 AM) (Source: MsiInstaller) (User: Diana)Diana
Description: Product: Adobe Reader 9.4.6 -- Error 1335.The cabinet file 'PCW_CAB_RDR' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (09/28/2011 01:53:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x00001a23
Faulting process id: 0x77c
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3

Error: (09/28/2011 01:53:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: sppsvc.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b048
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x00009890
Faulting process id: 0x12dc
Faulting application start time: 0xsppsvc.exe0
Faulting application path: sppsvc.exe1
Faulting module path: sppsvc.exe2
Report Id: sppsvc.exe3


System errors:
=============
Error: (09/28/2011 03:14:24 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 57 time(s).

Error: (09/28/2011 03:04:29 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 56 time(s).

Error: (09/28/2011 03:03:50 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 55 time(s).

Error: (09/28/2011 02:59:24 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 54 time(s).

Error: (09/28/2011 02:44:24 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 53 time(s).

Error: (09/28/2011 02:29:24 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 52 time(s).

Error: (09/28/2011 02:04:24 AM) (Source: volmgr) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (09/28/2011 01:53:11 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 51 time(s).

Error: (09/28/2011 01:53:06 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 50 time(s).

Error: (09/28/2011 01:34:09 AM) (Source: volmgr) (User: )
Description: The system could not sucessfully load the crash dump driver.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
5400 (Version: 82.0.252.000)
5400_Help (Version: 82.0.252.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Reader 9.4.5 (Version: 9.4.5)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Bing Rewards Client Installer (Version: 16.0.345.0)
BufferChm (Version: 82.0.173.000)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 5.5.4316)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Download Updater (AOL LLC)
eMachines Games (Version: 1.0.0.52)
eSupportQFolder (Version: 1.00.0000)
F-Secure PSC Prerequisites (Version: 1.0.5)
Feedback Tool (Version: 1.2.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet Printer Driver Software 8.0.C (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Print Diagnostic Utility (Version: 1.51.0000)
HP Product Detection (Version: 9.7.3)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.002.006.003)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 14.0.8050.1202)
Learn2 Player (Uninstall Only)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
Norton Security Suite (Version: 4.3.0.5)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PokerStars.net
QuickTime (Version: 7.69.80.9)
RealPlayer Basic
Realtek High Definition Audio Driver (Version: 6.0.1.5780)
SF_CDC_ProductContext (Version: 82.0.252.000)
SF_CDC_Software (Version: 82.0.252.000)
SolutionCenter (Version: 82.0.188.000)
Status (Version: 82.0.173.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
UnloadSupport (Version: 1.00.0000)
Upgrade Kit (Version: 1.00.3002)
Viewpoint Media Player
WebReg (Version: 82.0.173.000)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
WOW! Security
Yahoo! Messenger

**** End of log ****


Malwarebytes found nothing, so I didn't include that log

SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/28/2011 at 04:50 AM

Application Version : 5.0.1128

Core Rules Database Version : 7733
Trace Rules Database Version: 5545

Scan type : Complete Scan
Total Scan Time : 00:44:22

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 675
Memory threats detected : 0
Registry items scanned : 37782
Registry threats detected : 0
File items scanned : 48097
File threats detected : 232

Adware.Tracking Cookie
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@directporntube[1].txt [ Cookie:diana@directporntube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OVH24W89.txt [ Cookie:diana@media2.legacy.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PM8SBNJG.txt [ Cookie:diana@interclick.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.mofosex[1].txt [ Cookie:diana@www.mofosex.com/videos/8252/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@optimize.indieclick[2].txt [ Cookie:diana@optimize.indieclick.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@eyewonder[2].txt [ Cookie:diana@eyewonder.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@supersexyporn[1].txt [ Cookie:diana@supersexyporn.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.shemalemoviesex[1].txt [ Cookie:diana@www.shemalemoviesex.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@mofosex[2].txt [ Cookie:diana@mofosex.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UYXP60CQ.txt [ Cookie:diana@collective-media.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYJQNPN9.txt [ Cookie:diana@realmedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JRQLBS25.txt [ Cookie:diana@media6degrees.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@ads.zeusclicks[1].txt [ Cookie:diana@ads.zeusclicks.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@macombcountymi[2].txt [ Cookie:diana@macombcountymi.gov/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@lowincomeapartmentfinder[1].txt [ Cookie:diana@lowincomeapartmentfinder.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.mofosex[4].txt [ Cookie:diana@www.mofosex.com/videos/9295/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@steelhousemedia[2].txt [ Cookie:diana@steelhousemedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\FLF75IOI.txt [ Cookie:diana@pornhub.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@snap9.advertserve[1].txt [ Cookie:diana@snap9.advertserve.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EOM0BAWU.txt [ Cookie:diana@www.hardsextube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@tracker.directorym[2].txt [ Cookie:diana@tracker.directorym.com/piwik/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@waldemartraffic[2].txt [ Cookie:diana@waldemartraffic.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@counters.gigya[2].txt [ Cookie:diana@counters.gigya.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C48CZ5VP.txt [ Cookie:diana@adserver.hardsextube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@tqstats[1].txt [ Cookie:diana@tqstats.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@rotator.hadj7.adjuggler[1].txt [ Cookie:diana@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt63551 ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@google[5].txt [ Cookie:diana@google.com/support/noradtrackssanta/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.myspace[1].txt [ Cookie:diana@www.myspace.com/Insightexpress/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@clickthrough.kanoodle[1].txt [ Cookie:diana@clickthrough.kanoodle.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@adxpose[1].txt [ Cookie:diana@adxpose.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@transexpictures[2].txt [ Cookie:diana@transexpictures.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSKMSWC0.txt [ Cookie:diana@tacoda.at.atwola.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SS56H5Y5.txt [ Cookie:diana@trafficholder.com/cgi-bin/traffic/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@yellowpages.clickondetroit[1].txt [ Cookie:diana@yellowpages.clickondetroit.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T03PVIPY.txt [ Cookie:diana@lfstmedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@hpi.rotator.hadj7.adjuggler[2].txt [ Cookie:diana@hpi.rotator.hadj7.adjuggler.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@gotacha.rotator.hadj7.adjuggler[2].txt [ Cookie:diana@gotacha.rotator.hadj7.adjuggler.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@google[1].txt [ Cookie:diana@google.com/support/accounts/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@xxxblackbook[2].txt [ Cookie:diana@xxxblackbook.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@clickondetroit[2].txt [ Cookie:diana@clickondetroit.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@ghzmedia[1].txt [ Cookie:diana@ghzmedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.sextube[2].txt [ Cookie:diana@www.sextube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@transsextales[1].txt [ Cookie:diana@transsextales.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.mofosex[2].txt [ Cookie:diana@www.mofosex.com/videos/14804/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.hornyshemalemovies[1].txt [ Cookie:diana@www.hornyshemalemovies.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@google[4].txt [ Cookie:diana@google.com/accounts/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MMIRY9OU.txt [ Cookie:diana@atdmt.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@sextube[1].txt [ Cookie:diana@sextube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXOUS8GK.txt [ Cookie:diana@liveperson.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\I91Z0EFI.txt [ Cookie:diana@hardsextube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@bizrate[1].txt [ Cookie:diana@bizrate.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@247realmedia[2].txt [ Cookie:diana@247realmedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@countyjailinmatesearch[2].txt [ Cookie:diana@countyjailinmatesearch.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\733AO913.txt [ Cookie:diana@adinterax.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.gooclips[3].txt [ Cookie:diana@www.gooclips.com/cumshot-porn-movies/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@messagespace.advertserve[1].txt [ Cookie:diana@messagespace.advertserve.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\COIUHANG.txt [ Cookie:diana@casalemedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWZHNBBB.txt [ Cookie:diana@shemaleporntubevideos.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@media303[1].txt [ Cookie:diana@media303.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RN435GLP.txt [ Cookie:diana@doubleclick.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EEH6IVXZ.txt [ Cookie:diana@www.porn.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\G6JOMRKL.txt [ Cookie:diana@sextracker.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@networldmedia[2].txt [ Cookie:diana@networldmedia.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@jacksoncountygov[2].txt [ Cookie:diana@jacksoncountygov.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\IA75QC3H.txt [ Cookie:diana@at.atwola.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.nbc[2].txt [ Cookie:diana@www.nbc.com/assets/video/4-0/includes/ads/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@specificclick[1].txt [ Cookie:diana@specificclick.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\G354IW4X.txt [ Cookie:diana@www.burstnet.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\S645O9Y8.txt [ Cookie:diana@counter7.sextracker.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@teennick[2].txt [ Cookie:diana@teennick.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@andomedia[2].txt [ Cookie:diana@andomedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@quizilla.teennick[1].txt [ Cookie:diana@quizilla.teennick.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@go.evolutionmedia.bbelements[2].txt [ Cookie:diana@go.evolutionmedia.bbelements.com/please/showit/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@trannybleepbookdating[1].txt [ Cookie:diana@trannybleepbookdating.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RZ3VIKQI.txt [ Cookie:diana@msnbc.112.2o7.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RL413YVK.txt [ Cookie:diana@counter12.sextracker.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\41WJMPFN.txt [ Cookie:diana@www.googleadservices.com/pagead/conversion/1071811925/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MWZHA0TP.txt [ Cookie:diana@mm.chitika.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@pornografish[1].txt [ Cookie:diana@pornografish.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0CIJCYIX.txt [ Cookie:diana@statse.webtrendslive.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y603LZQG.txt [ Cookie:diana@anrtx.tacoda.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@in.getclicky[1].txt [ Cookie:diana@in.getclicky.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.countyjailinmatesearch[1].txt [ Cookie:diana@www.countyjailinmatesearch.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.xxxblackbook[2].txt [ Cookie:diana@www.xxxblackbook.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D933T1VG.txt [ Cookie:diana@freecamsexposed.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.downrangemedia[2].txt [ Cookie:diana@www.downrangemedia.us/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@adserver.exgfnetwork[2].txt [ Cookie:diana@adserver.exgfnetwork.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T09RLZCU.txt [ Cookie:diana@advertising.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XI9OHOV5.txt [ Cookie:diana@mediaplex.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8I1W5ZF1.txt [ Cookie:diana@revsci.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NZFT9JJ.txt [ Cookie:diana@traveladvertising.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C7K002IT.txt [ Cookie:diana@adserver2.exgfnetwork.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@mediafire[1].txt [ Cookie:diana@mediafire.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\635W6WLG.txt [ Cookie:diana@sexhoundlinks.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LP1TU8FE.txt [ Cookie:diana@media.adfrontiers.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.fbanners[1].txt [ Cookie:diana@www.fbanners.com/banners/169/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LQ2F65A4.txt [ Cookie:diana@jmp.clickbooth.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\HPKF72M4.txt [ Cookie:diana@liveperson.net/hc/2735064 ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@alphaporno[1].txt [ Cookie:diana@alphaporno.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@statsadv.dadapro[1].txt [ Cookie:diana@statsadv.dadapro.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.clickmanage[2].txt [ Cookie:diana@www.clickmanage.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@click.qeg[1].txt [ Cookie:diana@click.qeg.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@xxxbunker[1].txt [ Cookie:diana@xxxbunker.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YFJR5GB.txt [ Cookie:diana@solvemedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YPPTJ3Q6.txt [ Cookie:diana@freeporn.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P3GAOQUA.txt [ Cookie:diana@gay.porn.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYZ58LHL.txt [ Cookie:diana@citi.bridgetrack.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.alphaporno[1].txt [ Cookie:diana@www.alphaporno.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VW6NRGW.txt [ Cookie:diana@porn.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@www.rudefinder[1].txt [ Cookie:diana@www.rudefinder.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RE8YR0U7.txt [ Cookie:diana@tribalfusion.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YJEQPJT2.txt [ Cookie:diana@www.gaymoviedome.com/gaysex/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2QPA830O.txt [ Cookie:diana@gsimedia.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\21PG9367.txt [ Cookie:diana@serving-sys.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@bigtrannyxxx[1].txt [ Cookie:diana@bigtrannyxxx.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@a.intentmedia[1].txt [ Cookie:diana@a.intentmedia.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@track.big-free-gifts[1].txt [ Cookie:diana@track.big-free-gifts.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4732CT62.txt [ Cookie:diana@www.googleadservices.com/pagead/conversion/1044554709/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1LTI3OMK.txt [ Cookie:diana@clickfuse.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C4RY464E.txt [ Cookie:diana@counter4.sextracker.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\90G3GEXD.txt [ Cookie:diana@msnportal.112.2o7.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@network.realmedia[1].txt [ Cookie:diana@network.realmedia.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\35VG4M47.txt [ Cookie:diana@www.longporntube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@media.123greetings[1].txt [ Cookie:diana@media.123greetings.com/LiveCreatives/RealMedia/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\A9E2ISOF.txt [ Cookie:diana@www.xxxmatch.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@media.123greetings[3].txt [ Cookie:diana@media.123greetings.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@countryhearth[2].txt [ Cookie:diana@countryhearth.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YYO1V8D6.txt [ Cookie:diana@microsoftsto.112.2o7.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\61TD0WAF.txt [ Cookie:diana@www.longporntube.com/cgi-bin/atx/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9G95AXRV.txt [ Cookie:diana@r1-ads.ace.advertising.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XC3V648I.txt [ Cookie:diana@trafficmp.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BLAWS7LF.txt [ Cookie:diana@banners.trannydates.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9HTKJ5SP.txt [ Cookie:diana@www.googleadservices.com/pagead/conversion/995645448/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\I89FAVDX.txt [ Cookie:diana@fastclick.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1YVKGQT8.txt [ Cookie:diana@bs.serving-sys.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1IAX50P9.txt [ Cookie:diana@www.freecamsexposed.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@viacom.adbureau[2].txt [ Cookie:diana@viacom.adbureau.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q2IUQ2ZM.txt [ Cookie:diana@realsexcash.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@stats.townnews[3].txt [ Cookie:diana@stats.townnews.com/macombdaily.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\55L8WIDH.txt [ Cookie:diana@burstnet.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LOH43UX3.txt [ Cookie:diana@exoclick.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JOID0QUL.txt [ Cookie:diana@insightexpressai.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\07NXF6KU.txt [ Cookie:diana@content.yieldmanager.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LD5XX5LT.txt [ Cookie:diana@longporntube.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\diana@pornhublive[1].txt [ Cookie:diana@pornhublive.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\1JSRJ1GJ.txt [ Cookie:diana@h.atdmt.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BAXN38SS.txt [ Cookie:diana@ads.pointroll.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\MVWY8FNQ.txt [ Cookie:diana@pmamedia.sitescout.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEPZDWT4.txt [ Cookie:diana@counter2.sextracker.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6RN1GIAO.txt [ Cookie:diana@adlegend.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\GE831ZXY.txt [ Cookie:diana@atwola.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RCS08C3M.txt [ Cookie:diana@liveperson.net/hc/57386690 ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\5F3J9UNX.txt [ Cookie:diana@www.googleadservices.com/pagead/conversion/1072357869/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\GXP0FB06.txt [ Cookie:diana@wt.xxxmatch.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\QNPX3HHB.txt [ Cookie:diana@www.blackgayporn.net/st/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3O65OL4.txt [ Cookie:diana@infrastrategy.122.2o7.net/ ]
C:\USERS\DIANA\Cookies\diana@invitemedia[1].txt [ Cookie:diana@invitemedia.com/ ]
C:\USERS\DIANA\Cookies\diana@pointroll[2].txt [ Cookie:diana@pointroll.com/ ]
C:\USERS\DIANA\Cookies\J7DTP31L.txt [ Cookie:diana@msadcenter.112.2o7.net/ ]
C:\USERS\DIANA\Cookies\diana@atdmt.combing[2].txt [ Cookie:diana@atdmt.combing.com/ ]
C:\USERS\DIANA\Cookies\diana@collective-media[1].txt [ Cookie:diana@collective-media.net/ ]
C:\USERS\DIANA\Cookies\QR771FN0.txt [ Cookie:diana@atdmt.com/ ]
C:\USERS\DIANA\Cookies\diana@shemalesgetbleeped[1].txt [ Cookie:diana@shemalesgetbleeped.com/ ]
media.mtvnservices.com [ C:\USERS\DIANA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TWKLKL9J ]
udn.specificclick.net [ C:\USERS\DIANA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TWKLKL9J ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@ADS.NASCAR[1].TXT [ /ADS.NASCAR ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@A.SECURECLICKS[1].TXT [ /A.SECURECLICKS ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@ADS.MAIL[1].TXT [ /ADS.MAIL ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@ADS.TRAFFIKINGS[1].TXT [ /ADS.TRAFFIKINGS ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@ADV.DRTUBER[2].TXT [ /ADV.DRTUBER ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@ADVERTISING[4].TXT [ /ADVERTISING ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@BANNERS.ANDOMEDIA[2].TXT [ /BANNERS.ANDOMEDIA ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@CHOKERTRAFFIC[2].TXT [ /CHOKERTRAFFIC ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@CLICK.EYK[2].TXT [ /CLICK.EYK ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@CLICKBOOTH[1].TXT [ /CLICKBOOTH ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@DHDMEDIA[2].TXT [ /DHDMEDIA ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@LUCIDMEDIA[3].TXT [ /LUCIDMEDIA ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@LUCIDMEDIA[4].TXT [ /LUCIDMEDIA ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@PORNTRANNYTUBE[1].TXT [ /PORNTRANNYTUBE ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@SEXIER[1].TXT [ /SEXIER ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@W00TPUBLISHERS.WOOTMEDIA[1].TXT [ /W00TPUBLISHERS.WOOTMEDIA ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@WWW.BIGTRANNYXXX[1].TXT [ /WWW.BIGTRANNYXXX ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@WWW.FBANNERS[2].TXT [ /WWW.FBANNERS ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@WWW.MEDIAFIRE[1].TXT [ /WWW.MEDIAFIRE ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@WWW.PORNTRANNYTUBE[1].TXT [ /WWW.PORNTRANNYTUBE ]
C:\USERS\DIANA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\DIANA@WWW.XXXCUPID[2].TXT [ /WWW.XXXCUPID ]

GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-28 06:05:51
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000008b ST316031 rev.CC44
Running: zpnx7s23.exe; Driver: C:\Users\Diana\AppData\Local\Temp\fxldapow.sys


.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 001E700C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 001E500C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 001EA00C
.text C:\Windows\System32\svchost.exe[916] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0053000C
.text C:\Windows\System32\svchost.exe[916] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0053100C
.text C:\Windows\System32\svchost.exe[916] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0053200C
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0056000C
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0056100C
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0056200C
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 00AC000C
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 00AC100C
.text C:\Windows\system32\svchost.exe[1008] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 00AC200C
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 005A000C
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 005A100C
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 005A200C
.text C:\Windows\system32\rundll32.exe[1184] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 00A9000C
.text C:\Windows\system32\rundll32.exe[1184] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 00A9100C
.text C:\Windows\system32\rundll32.exe[1184] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 00A9200C
.text C:\Windows\system32\rundll32.exe[1184] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 00A9300C
.text C:\Windows\system32\rundll32.exe[1184] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 00A9400C
.text C:\Windows\system32\rundll32.exe[1184] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 00A9500C
.text C:\Windows\system32\rundll32.exe[1184] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 00A9B00C
.text C:\Windows\system32\rundll32.exe[1184] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 00A9A00C
.text C:\Windows\system32\rundll32.exe[1184] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 00A9600C
.text C:\Windows\system32\rundll32.exe[1184] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 00A9800C
.text C:\Windows\system32\rundll32.exe[1184] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 00A9900C
.text C:\Windows\system32\rundll32.exe[1184] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 00A9700C
.text C:\Windows\system32\Dwm.exe[1240] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0010000C
.text C:\Windows\system32\Dwm.exe[1240] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0010100C
.text C:\Windows\system32\Dwm.exe[1240] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0010200C
.text C:\Windows\system32\Dwm.exe[1240] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0010300C
.text C:\Windows\system32\Dwm.exe[1240] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0010400C
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0010500C
.text C:\Windows\system32\Dwm.exe[1240] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0010B00C
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0010600C
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0010800C
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0010900C
.text C:\Windows\system32\Dwm.exe[1240] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0010700C
.text C:\Windows\system32\Dwm.exe[1240] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0010A00C
.text C:\Windows\system32\svchost.exe[1288] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 012C000C
.text C:\Windows\system32\svchost.exe[1288] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 012C100C
.text C:\Windows\system32\svchost.exe[1288] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 012C200C
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 009E000C
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 009E100C
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 009E200C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 000E000C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 000E100C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 000E200C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 000E300C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 000E400C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 000E500C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 000EB00C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 000E600C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 000E800C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 000E900C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 000E700C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1544] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 000EA00C
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 004D000C
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 004D100C
.text C:\Windows\system32\svchost.exe[1620] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 004D200C
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0041000C
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0041100C
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0041200C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 00C9000C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 00C9100C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 00C9200C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 00C9300C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 00C9400C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 00C9500C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 00C9B00C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 00C9A00C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 00C9600C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 00C9800C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 00C9900C
.text C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe[1708] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 00C9700C
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 001E000C
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 001E100C
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 001E200C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 000F000C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 000F100C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 000F200C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 000F300C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 000F400C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 000F500C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe[1980] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 000F600C
.text C:\Windows\system32\taskhost.exe[2108] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0148000C
.text C:\Windows\system32\taskhost.exe[2108] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0148100C
.text C:\Windows\system32\taskhost.exe[2108] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0148200C
.text C:\Windows\system32\taskhost.exe[2108] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0148300C
.text C:\Windows\system32\taskhost.exe[2108] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0148400C
.text C:\Windows\system32\taskhost.exe[2108] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0148A00C
.text C:\Windows\system32\taskhost.exe[2108] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0148500C
.text C:\Windows\system32\taskhost.exe[2108] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0148B00C
.text C:\Windows\system32\taskhost.exe[2108] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0148600C
.text C:\Windows\system32\taskhost.exe[2108] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0148800C
.text C:\Windows\system32\taskhost.exe[2108] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0148900C
.text C:\Windows\system32\taskhost.exe[2108] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0148700C
.text C:\Windows\ehome\ehmsas.exe[2328] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0010000C
.text C:\Windows\ehome\ehmsas.exe[2328] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0010100C
.text C:\Windows\ehome\ehmsas.exe[2328] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0010200C
.text C:\Windows\ehome\ehmsas.exe[2328] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0010300C
.text C:\Windows\ehome\ehmsas.exe[2328] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0010400C
.text C:\Windows\ehome\ehmsas.exe[2328] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0010600C
.text C:\Windows\ehome\ehmsas.exe[2328] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0010800C
.text C:\Windows\ehome\ehmsas.exe[2328] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0010900C
.text C:\Windows\ehome\ehmsas.exe[2328] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0010700C
.text C:\Windows\ehome\ehmsas.exe[2328] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0010500C
.text C:\Windows\ehome\ehmsas.exe[2328] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0010B00C
.text C:\Windows\ehome\ehmsas.exe[2328] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0010A00C
.text C:\Windows\Explorer.EXE[2488] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0013000C
.text C:\Windows\Explorer.EXE[2488] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0013100C
.text C:\Windows\Explorer.EXE[2488] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0013200C
.text C:\Windows\Explorer.EXE[2488] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0013300C
.text C:\Windows\Explorer.EXE[2488] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0013400C
.text C:\Windows\Explorer.EXE[2488] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0013600C
.text C:\Windows\Explorer.EXE[2488] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0013800C
.text C:\Windows\Explorer.EXE[2488] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0013900C
.text C:\Windows\Explorer.EXE[2488] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0013700C
.text C:\Windows\Explorer.EXE[2488] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0013500C
.text C:\Windows\Explorer.EXE[2488] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0013B00C
.text C:\Windows\Explorer.EXE[2488] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0013A00C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 001D000C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 001D100C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 001D200C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 001D300C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 001D400C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 001D500C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 001DA00C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 001D600C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 001D800C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 001D900C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2688] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 001D700C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0020000C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0020100C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0020200C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0020300C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0020400C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0020600C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0020800C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0020900C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0020700C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0020500C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0020B00C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2924] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0020A00C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 001E000C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 001E100C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 001E200C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 001E300C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 001E400C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 001E600C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 001E800C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 001E900C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 001E700C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 001E500C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 001EB00C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3344] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 001EA00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 003C000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 003C100C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 003C200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 003C300C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 003C400C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 003C600C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 003C800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 003C900C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 003C700C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 003C500C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 003CB00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3352] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 003CA00C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0022000C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0022100C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0022200C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0022300C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0022400C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0022500C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0022B00C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0022600C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0022800C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0022900C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0022700C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3588] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0022A00C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 001E000C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 001E100C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 001E200C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 001E300C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 001E400C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 001E500C
.text C:\Users\Diana\Desktop\zpnx7s23.exe[3676] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 001E600C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 000E000C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 000E100C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 000E200C
.text C:\Program Files\QuickTime\QTTask.exe[3740] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 000E300C
.text C:\Program Files\QuickTime\QTTask.exe[3740] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 000E400C
.text C:\Program Files\QuickTime\QTTask.exe[3740] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 000E500C
.text C:\Program Files\QuickTime\QTTask.exe[3740] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 000EA00C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 000E600C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 000E800C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 000E900C
.text C:\Program Files\QuickTime\QTTask.exe[3740] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 000E700C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 000E000C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 000E100C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 000E200C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 000E300C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 000E400C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 000E600C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 000E800C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 000E900C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 000E700C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 000E500C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 000EB00C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3764] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 000EA00C
.text C:\Program Files\WOW Security\Common\FSM32.EXE[3800] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 003E000C
.text C:\Program Files\WOW Security\Common\FSM32.EXE[3800] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 003E100C
.text C:\Program Files\WOW Security\Common\FSM32.EXE[3800] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 003E200C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0024000C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0024100C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0024200C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0024300C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0024400C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0024500C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0024B00C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0024600C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0024800C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0024900C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0024700C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3840] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0024A00C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ntdll.dll!NtCreateProcess 77CF5698 5 Bytes JMP 0017000C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ntdll.dll!NtCreateProcessEx 77CF56A8 5 Bytes JMP 0017100C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ntdll.dll!NtCreateUserProcess 77CF5778 5 Bytes JMP 0017200C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] kernel32.dll!LoadLibraryExW 766C5079 5 Bytes JMP 0017300C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] kernel32.dll!TerminateThread 766DBC01 5 Bytes JMP 0017400C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] USER32.dll!SetWindowsHookExW 77BEE30C 5 Bytes JMP 0017500C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] USER32.dll!DdeConnect 77C2EB5B 5 Bytes JMP 0017B00C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ADVAPI32.dll!OpenServiceW 762CCA4C 5 Bytes JMP 0017600C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ADVAPI32.dll!CloseServiceHandle 762D369C 5 Bytes JMP 0017800C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ADVAPI32.dll!CreateServiceW 762E712C 5 Bytes JMP 0017900C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ADVAPI32.dll!ControlService 762E7144 5 Bytes JMP 0017700C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3932] ole32.dll!CoCreateInstanceEx 76BA9D4E 5 Bytes JMP 0017A00C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Real\RealPlayer\realplay.exe[3588] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3588] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000077 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}@ ILogicalThreadAffinative
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\TypeLib
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\TypeLib@ {BED7F4EA-1A96-11D2-8F08-00A0C9A6186D}
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\TypeLib@Version 2.0

---- EOF - GMER 1.0.15 ----
...............................................................................

I have no clue what you're reading, but, the answer to your last question... my comp is the same... it works, but it says I need to reinstall Windows 7.... too bad that nobody includes reinstall discs with computers..

Let me know!! and thanks much, Jason, for your help... Dan

#4 jntkwx

Posted 28 September 2011 - 07:14 AM

Hi oldaero,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    sppsvc.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 oldaero

Posted 28 September 2011 - 08:58 AM

the results from systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:55 on 28/09/2011 by Diana
Administrator - Elevation successful

========== filefind ==========

Searching for "sppsvc.exe"
C:\Windows\System32\sppsvc.exe --a---- 3179520 bytes [08:30 17/04/2011] [12:17 20/11/2010] 43715BA933F461B89D819D57D8408BC1
C:\Windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7600.16385_none_1a37ad9b82468857\sppsvc.exe --a---- 3179520 bytes [00:41 14/07/2009] [01:14 14/07/2009] 4C287F9069FEDBD791178876EE9DE536
C:\Windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7601.17514_none_1c68c1637f350bf1\sppsvc.exe --a---- 3179520 bytes [08:30 17/04/2011] [12:17 20/11/2010] 43715BA933F461B89D819D57D8408BC1

-= EOF =-
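
As an added example (not part of the thread or of SystemLook itself): a Python sketch that parses the filefind lines from the log above and reports whether the live System32 copy shares its MD5 with a copy in the WinSxS component store. The line layout is assumed from the three result lines shown, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: the filefind result lines copied from the SystemLook log above.
LOG = r"""
Searching for "sppsvc.exe"
C:\Windows\System32\sppsvc.exe --a---- 3179520 bytes [08:30 17/04/2011] [12:17 20/11/2010] 43715BA933F461B89D819D57D8408BC1
C:\Windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7600.16385_none_1a37ad9b82468857\sppsvc.exe --a---- 3179520 bytes [00:41 14/07/2009] [01:14 14/07/2009] 4C287F9069FEDBD791178876EE9DE536
C:\Windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7601.17514_none_1c68c1637f350bf1\sppsvc.exe --a---- 3179520 bytes [08:30 17/04/2011] [12:17 20/11/2010] 43715BA933F461B89D819D57D8408BC1
-= EOF =-
"""

# Assumed layout: path, attribute flags, size, two bracketed timestamps, MD5.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(text):
    """Return one dict per result line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"path": m["path"], "size": int(m["size"]),
                            "md5": m["md5"].upper()})
    return entries

def compare_to_component_store(entries):
    """For each copy outside WinSxS, list the WinSxS copies with the same MD5."""
    store = defaultdict(list)
    live = []
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            store[e["md5"]].append(e["path"])
        else:
            live.append(e)
    return [{"path": e["path"], "md5": e["md5"],
             "store_matches": store.get(e["md5"], [])} for e in live]

if __name__ == "__main__":
    for r in compare_to_component_store(parse_filefind(LOG)):
        verdict = "matches component store" if r["store_matches"] else "NO matching WinSxS copy"
        print(f'{r["path"]}: {verdict}')
        for p in r["store_matches"]:
            print("   =", p)
```

A match shows only that the live file agrees with a local component-store copy; it says nothing about whether that copy is itself trustworthy, which is what an independent scan of the file addresses.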

#6 jntkwx

Posted 28 September 2011 - 09:07 AM

Hi oldaero,

Let's upload a file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to the following file and click Send File.

C:\Windows\System32\sppsvc.exe
If prompted to reanalyze a file, please do so.

Please post back the website addresses (URLs) of the Virustotal result in your next post.
Regards,
Jason

 



#7 oldaero

Posted 28 September 2011 - 09:56 AM

id=d1624c1f5b8c0d7fb7f418437e25cd07e95c473a782de42aefc53064ff4e0214-1317220586

not sure if this is what you were looking for. I saw no website url to post, so I went to properties and found this

#8 jntkwx

Posted 28 September 2011 - 10:00 AM

Hi oldaero,

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient. There is currently a large backlog of people being helped. It may take several days for someone to respond.
Regards,
Jason

 



#9 oldaero

Posted 28 September 2011 - 10:04 AM

Sorry, there was no "choose file" button when I clicked on your link. I typed into the space provided, the file you wanted. It did a search and came up with results, but no URL for me to give you.

#10 jntkwx

Posted 28 September 2011 - 11:20 AM

That's okay. I was able to access that website address.

Hi oldaero,

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient. There is currently a large backlog of people being helped. It may take several days for someone to respond.


Regards,
Jason

 



#11 oldaero

Posted 23 October 2011 - 02:27 AM

oh, sorry... as much as I've trusted this site in the past... your help and suggestions were the worst I've ever had...

I was told to re-post my problem to another post.... then I did something stupid... I went to Microsoft... called them, was on the phone for 4 hours... got it fixed..

Look, next time I have a problem that Microsoft can fix... let me know.... doesn't happen much, but, stop passing me on to another "fixer", when you have no clue what's going on....

Microsoft fixed my problem, Thanks!!
But, "bleepingcomputer.com" is still the place I come to figure out my puter probs...

Dan/oldaero...

Thanks!!

#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:08 AM

Posted 31 October 2011 - 12:10 PM

Hi oldaero,

Thank you for letting us know that your issue was resolved. I'm glad that you were able to fix it :)

I'd just like to point out that here at BleepingComputer we all offer our time for free and for our love of helping people resolve their computer issues, jntkwx is no exception to this, so please bear that in mind when leaving a post such as your last. In addition jntkwx was just trying to ensure that malware was not to blame here and all of his suggestions were perfectly legitimate.

Once again, I'm glad that you were able to resolve your issue and I hope that you will continue to use BleepingComputer in the future.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

