Definitely Infected


This topic is locked. 14 replies to this topic.

#1 icemanrk22 (Members, 14 posts)

Posted 07 November 2011 - 06:55 PM

Hey guys,

I've noticed things slowing down quite a bit, and I'm having a lot of internet issues I haven't had in the past. Browsers are closing on their own also. Hoping you guys can provide me a fix. Thanks for reading and helping! And yes, I do know I have a lot of AV and malware programs, but that's only because some were detecting and some weren't. I was trying to figure out what was going on. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:46:38 PM, on 11/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE /FU "C:\Windows\TEMP\E_S27FA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Rec Room\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_124a1a436c563c4c\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Edited by icemanrk22, 07 November 2011 - 07:29 PM.
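The log above is read by eye in this thread. As an added example (not code from BleepingComputer, Trend Micro or anyone posting here), the Python below parses HijackThis 2.x entries of the O2/O3/O4/O10/O23 kinds into records and applies the first-pass heuristics an analyst runs over such a log before looking at anything else. The sample input is a constructed subset of lines in the same format as the log above; the heuristics (a line that references AppData or Temp, a service with no vendor string, an entry whose file is missing, a line that repeats) and the flag wording are this example's own assumptions, and a flag is a prompt to look closer, not a verdict.

```python
"""Parse HijackThis 2.x log entries and mark the ones a triage analyst reviews first.

Added example, not BleepingComputer's or Trend Micro's code. The review
heuristics below are assumptions about what merits a second look, not detections.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of lines in the same format as the log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Rec Room\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE /FU "C:\Windows\TEMP\E_S27FA.tmp" /EF "HKCU"
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""


@dataclass
class Entry:
    kind: str                 # HijackThis section code: O2, O4, O23, ...
    name: str                 # BHO/toolbar/service name or Run value name
    path: str | None = None   # primary image path, if one was recognised
    clsid: str | None = None  # COM CLSID for O2/O3 entries
    owner: str | None = None  # vendor string for O23 service entries
    raw: str = ""             # the original line, used for the heuristics


LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
COM_RE = re.compile(r"^(?:BHO|Toolbar|URLSearchHook): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN_RE = re.compile(r"^HK\S*\\Run\w*: \[(.+?)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (.+)$")
# First image path in a command line: optionally quoted, drive letter, up to a binary extension.
IMAGE_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|com|pif))"?(?:\s|$)', re.I)
# Locations a standard user can write to (assumption: worth a look, not proof of anything).
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|Local Settings)\\", re.I)

FLAG_USER_WRITABLE = "references user-writable path"
FLAG_NO_VENDOR = "service binary has no vendor string"
FLAG_MISSING = "registered but file missing"
FLAG_DUPLICATE = "duplicate line"


def parse_entry(line: str) -> Entry | None:
    """Turn one HijackThis line into an Entry; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if cm := COM_RE.match(body):
        name, clsid, path = cm.groups()
        return Entry(kind, name, path=path.strip(), clsid=clsid, raw=line)
    if rm := RUN_RE.match(body):
        name, command = rm.groups()
        im = IMAGE_RE.match(command)
        return Entry(kind, name, path=im.group(1) if im else None, raw=line)
    if sm := SERVICE_RE.match(body):
        name, owner, path = sm.groups()
        return Entry(kind, name, path=path.strip(), owner=owner, raw=line)
    if lm := LSP_RE.match(body):
        return Entry(kind, "Winsock LSP", path=lm.group(1).strip(), raw=line)
    return Entry(kind, body, raw=line)   # R0/R1, O9, O16, ...: kept but not decomposed


def flag_entry(entry: Entry, seen: set[str]) -> list[str]:
    """Apply the review heuristics; `seen` carries lines already met, for duplicate detection."""
    flags: list[str] = []
    if USER_WRITABLE_RE.search(entry.raw):
        flags.append(FLAG_USER_WRITABLE)
    if entry.kind == "O23" and (entry.owner or "").lower() == "unknown owner":
        flags.append(FLAG_NO_VENDOR)
    if entry.path and entry.path.lower().startswith("(no file)"):
        flags.append(FLAG_MISSING)
    key = entry.raw.strip().lower()
    if key in seen:
        flags.append(FLAG_DUPLICATE)
    seen.add(key)
    return flags


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Parse a whole log and pair every entry with the flags it raised (possibly none)."""
    seen: set[str] = set()
    results: list[tuple[Entry, list[str]]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            results.append((entry, flag_entry(entry, seen)))
    return results


def flagged(text: str) -> dict[str, list[str]]:
    """Map each flag to the names of the entries that raised it."""
    out: dict[str, list[str]] = {}
    for entry, flags in triage(text):
        for f in flags:
            out.setdefault(f, []).append(entry.name)
    return out


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        marker = "  <-- " + "; ".join(flags) if flags else ""
        print(f"{entry.kind:<4} {entry.name:<28} {entry.path or ''}{marker}")
```

On the sample this marks the magicJack loader (runs from AppData\Roaming), the EPSON entry (writes a temp file under C:\Windows\TEMP), the PnkBstrA service (no vendor string) and the repeated Winsock LSP line, and leaves the AV entries alone. Whether any of those is bad cannot be decided from the log text: expanding 8.3 names such as PROGRA~1, checking the binaries' Authenticode signatures and hashing them are steps that need the live system, which is why the helper in this thread asks for DDS and GMER output next rather than acting on the HijackThis log.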


#2 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 12 November 2011 - 10:53 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.
Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.com
DDS.pif
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • DDS.txt and Attach.txt logs
  • GMER log

Threads are closed after 5 days of inactivity.


#3 icemanrk22 (Topic Starter, Members, 14 posts)

Posted 12 November 2011 - 03:24 PM

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Rec Room at 15:11:35 on 2011-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1850 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_124a1a436c563c4c\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Rec Room\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Bar = Preserve
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S27FA.tmp" /EF "HKCU"
uRun: [cdloader] "c:\users\rec room\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Launch LCore] "c:\program files\logitech gaming software\LCore.exe" /minimized
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\recroo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3E1715E0-ED64-450D-9191-D0436114954C} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-15 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-15 320856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsle3048ca6;MpKsle3048ca6;c:\programdata\microsoft\microsoft antimalware\definition updates\{73cfaec2-049c-448c-89ca-8d3620874d63}\MpKsle3048ca6.sys [2011-11-12 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-8 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-15 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-15 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-15 44768]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2398512]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-29 94880]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-3 1153368]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-3-1 2253688]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-5 246600]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-9-8 8606208]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-9-8 248832]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-6-6 211984]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-3-25 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-3-25 14856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-11 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-1 1343400]
.
=============== Created Last 30 ================
.
2011-11-12 14:44:19 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{73cfaec2-049c-448c-89ca-8d3620874d63}\MpKsle3048ca6.sys
2011-11-12 14:44:07 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{73cfaec2-049c-448c-89ca-8d3620874d63}\offreg.dll
2011-11-12 14:44:04 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{73cfaec2-049c-448c-89ca-8d3620874d63}\mpengine.dll
2011-11-11 21:57:53 -------- d-----w- c:\users\rec room\appdata\roaming\FlixsterCollections
2011-11-11 21:57:47 -------- d-----w- c:\program files\Flixster Collections
2011-11-09 14:36:19 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:36:18 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 14:36:16 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:11:04 -------- d-----w- c:\users\rec room\appdata\roaming\Mumble
2011-11-08 21:10:44 -------- d-----w- c:\program files\Mumble
2011-11-08 00:23:15 -------- d-----w- c:\program files\AVG Secure Search
2011-11-07 23:32:19 388096 ----a-r- c:\users\rec room\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-07 23:32:17 -------- d-----w- c:\program files\Trend Micro
2011-11-06 14:10:01 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-06 14:10:01 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-06 14:10:01 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-06 14:10:00 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-06 14:10:00 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-06 14:09:59 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-06 14:09:59 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-06 14:09:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-06 14:09:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-06 14:09:58 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-06 14:09:57 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-06 14:09:57 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-10-26 05:07:26 -------- d-----w- c:\program files\AMD APP
2011-10-26 05:02:38 -------- d-----w- C:\ATI
2011-10-20 23:59:53 -------- d-----w- c:\users\rec room\appdata\local\PhotoChannel
2011-10-16 23:55:32 18139008 ----a-w- c:\program files\common files\microsoft shared\office14\MSO.DLL
2011-10-15 15:08:26 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-15 15:08:22 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-15 15:07:23 41184 ----a-w- c:\windows\avastSS.scr
2011-10-15 15:07:07 -------- d-----w- c:\programdata\AVAST Software
2011-10-15 15:07:07 -------- d-----w- c:\program files\AVAST Software
2011-10-15 14:51:26 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-13 20:29:40 42392 ----a-w- c:\windows\system32\xfcodec.dll
.
==================== Find3M ====================
.
2011-11-11 04:41:20 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-11 04:41:03 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-11 04:41:03 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-11 03:24:34 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-30 16:59:00 280904 ----a-w- c:\windows\system32\PnkBstrB.ex1
2011-10-25 07:14:39 138056 ----a-w- c:\users\rec room\appdata\roaming\PnkBstrK.sys
2011-10-25 07:14:14 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-14 15:47:40 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 15:47:18 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-14 15:46:58 13625856 ----a-w- c:\windows\system32\amdocl.dll
2011-09-14 15:38:28 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-09-08 18:26:10 8606208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:39:44 18534912 ----a-w- c:\windows\system32\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- c:\windows\system32\aticfx32.dll
2011-09-08 17:30:38 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30:10 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29:46 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28:46 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-09-08 17:28:32 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-09-08 17:28:16 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28:10 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- c:\windows\system32\atidxx32.dll
2011-09-08 17:18:22 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-09-08 17:09:40 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-09-08 17:09:28 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-09-08 17:08:24 4064768 ----a-w- c:\windows\system32\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- c:\windows\system32\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- c:\windows\system32\atiumdag.dll
2011-09-08 16:59:48 52736 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53:10 270336 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:52:56 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52:46 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-09-08 16:52:20 248832 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:51:54 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-09-08 16:51:44 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:50:54 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-17 04:24:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
============= FINISH: 15:12:21.42 ===============

Gmer


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-12 15:19:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75YGA0 rev.12.01C02
Running: 9oieh620.exe; Driver: C:\Users\RECROO~1\AppData\Local\Temp\uxriqfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CE52374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9098B2B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CE54996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CE549EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CE54B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CE548EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CE54A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CE54940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CE54AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CE52398]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9098B368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CE52162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CE523BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CE54EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CE52E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CE549C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CE54A16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CE54B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CE54918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CE54A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CE5496E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CE54ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9098B400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CE52D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CE523E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CE52404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CE521BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CE522F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CE522D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CE5231C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CE52428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x909A09A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C80349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB9D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CC0D80 4 Bytes [74, 23, E5, 8C] {JZ 0x25; IN EAX, 0x8c}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CC0DA8 4 Bytes [B8, B2, 98, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CC0E5C 8 Bytes [96, 49, E5, 8C, EE, 49, E5, ...] {XCHG ESI, EAX; DEC ECX; IN EAX, 0x8c; OUT DX, AL ; DEC ECX; IN EAX, 0x8c}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CC0E68 4 Bytes [04, 4B, E5, 8C] {ADD AL, 0x4b; IN EAX, 0x8c}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CC0E84 2 Bytes [EC, 48] {IN AL, DX ; DEC EAX}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E4DBE8 5 Bytes JMP 9099C3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E661B8 5 Bytes JMP 9099DE9C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E7B2FF 4 Bytes CALL 8CE534C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E950D1 4 Bytes CALL 8CE534DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F1EF10 7 Bytes JMP 909A09AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9162F000, 0x3A3E05, 0xE8000020]
? C:\Users\RECROO~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000703FC
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000701F8
.text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\csrss.exe[516] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[572] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[572] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[596] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[596] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[596] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[596] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\lsass.exe[596] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001103FC
.text C:\Windows\system32\lsass.exe[596] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00110804
.text C:\Windows\system32\lsass.exe[596] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\lsass.exe[596] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[612] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[612] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[652] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[660] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[660] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[744] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[860] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00080A08
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000803FC
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00080804
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000801F8
.text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[912] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00080600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtCreateFile + 6 76DD55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtCreateFile + B 76DD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtMapViewOfSection + B 76DD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenFile + 6 76DD5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenFile + B 76DD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcess + 6 76DD5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcess + B 76DD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessToken + 6 76DD5D9E 4 Bytes CALL 75DD64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessToken + B 76DD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThread + 6 76DD5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThread + B 76DD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadToken + 6 76DD5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadToken + B 76DD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E2E 4 Bytes CALL 75DD6535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryAttributesFile + 6 76DD5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryAttributesFile + B 76DD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryFullAttributesFile + 6 76DD5FEE 4 Bytes CALL 75DD66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtQueryFullAttributesFile + B 76DD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationFile + 6 76DD663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationFile + B 76DD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationThread + 6 76DD669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtSetInformationThread + B 76DD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!NtUnmapViewOfSection + B 76DD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 001B0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001B03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 001B0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001B01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[964] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 001B0600
.text C:\Windows\system32\atiesrxx.exe[988] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[988] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[988] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[988] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atiesrxx.exe[988] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atiesrxx.exe[988] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atiesrxx.exe[988] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atiesrxx.exe[988] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00110A08
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001103FC
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00110804
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001101F8
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00110600
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1076] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00600A08
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 006003FC
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00600804
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 006001F8
.text C:\Windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00600600
.text C:\Windows\system32\LogonUI.exe[1092] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\LogonUI.exe[1092] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\LogonUI.exe[1092] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\LogonUI.exe[1092] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\LogonUI.exe[1092] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\LogonUI.exe[1092] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\LogonUI.exe[1092] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\LogonUI.exe[1092] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00F50A08
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 00F503FC
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00F50804
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 00F501F8
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00F50600
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 004F0A08
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 004F03FC
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 004F0804
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 004F01F8
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 004F0600
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00160A08
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001603FC
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00160804
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001601F8
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1312] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00160600
.text C:\Windows\system32\WUDFHost.exe[1328] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\WUDFHost.exe[1328] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\WUDFHost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[1328] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\WUDFHost.exe[1328] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\WUDFHost.exe[1328] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\WUDFHost.exe[1328] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\WUDFHost.exe[1328] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\WUDFHost.exe[1388] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\WUDFHost.exe[1388] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\WUDFHost.exe[1388] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[1388] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\WUDFHost.exe[1388] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\WUDFHost.exe[1388] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\WUDFHost.exe[1388] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\WUDFHost.exe[1388] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\atieclxx.exe[1428] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1428] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1428] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1428] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atieclxx.exe[1428] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atieclxx.exe[1428] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atieclxx.exe[1428] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atieclxx.exe[1428] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\AVG\AVG2012\avgtray.exe[1500] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\AVG\AVG2012\avgtray.exe[1500] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Program Files\AVG\AVG2012\avgtray.exe[1500] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[3944] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[3944] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[3944] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00120A08
.text C:\Windows\system32\taskhost.exe[3944] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001203FC
.text C:\Windows\system32\taskhost.exe[3944] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00120804
.text C:\Windows\system32\taskhost.exe[3944] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001201F8
.text C:\Windows\system32\taskhost.exe[3944] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00120600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00130A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001303FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00130804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001301F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4564] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00130600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtCreateFile + 6 76DD55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtCreateFile + B 76DD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtMapViewOfSection + B 76DD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenFile + 6 76DD5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenFile + B 76DD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenProcess + 6 76DD5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenProcess + B 76DD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenProcessToken + 6 76DD5D9E 4 Bytes CALL 75DD64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenProcessToken + B 76DD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenThread + 6 76DD5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenThread + B 76DD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenThreadToken + 6 76DD5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenThreadToken + B 76DD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E2E 4 Bytes CALL 75DD6535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtQueryAttributesFile + 6 76DD5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtQueryAttributesFile + B 76DD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtQueryFullAttributesFile + 6 76DD5FEE 4 Bytes CALL 75DD66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtQueryFullAttributesFile + B 76DD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtSetInformationFile + 6 76DD663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtSetInformationFile + B 76DD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtSetInformationThread + 6 76DD669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtSetInformationThread + B 76DD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!NtUnmapViewOfSection + B 76DD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 000C0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000C03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 000C0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000C01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4788] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 000C0600
.text C:\Program Files\iPod\bin\iPodService.exe[4824] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 001303FC
.text C:\Program Files\iPod\bin\iPodService.exe[4824] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 001301F8
.text C:\Program Files\iPod\bin\iPodService.exe[4824] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4824] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 001D0A08
.text C:\Program Files\iPod\bin\iPodService.exe[4824] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001D03FC
.text C:\Program Files\iPod\bin\iPodService.exe[4824] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 001D0804
.text C:\Program Files\iPod\bin\iPodService.exe[4824] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001D01F8
.text C:\Program Files\iPod\bin\iPodService.exe[4824] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 001D0600
.text C:\Windows\system32\SearchIndexer.exe[4908] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[4908] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[4908] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4908] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[4908] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[4908] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[4908] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[4908] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00100600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtCreateFile + 6 76DD55CE 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtCreateFile + B 76DD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtMapViewOfSection + B 76DD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenFile + 6 76DD5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenFile + B 76DD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcess + 6 76DD5D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcess + B 76DD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessToken + 6 76DD5D9E 4 Bytes CALL 75DD74A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessToken + B 76DD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThread + 6 76DD5E0E 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThread + B 76DD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadToken + 6 76DD5E1E 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadToken + B 76DD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E2E 4 Bytes CALL 75DD7535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryAttributesFile + 6 76DD5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryAttributesFile + B 76DD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryFullAttributesFile + 6 76DD5FEE 4 Bytes CALL 75DD76F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtQueryFullAttributesFile + B 76DD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationFile + 6 76DD663E 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationFile + B 76DD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationThread + 6 76DD669E 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtSetInformationThread + B 76DD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!NtUnmapViewOfSection + B 76DD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 001903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 001901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00230A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 002303FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00230804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 002301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5116] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00230600
.text C:\Users\Rec Room\Downloads\9oieh620.exe[5124] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5660] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[5720] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[5720] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[5720] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5720] user32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00340A08
.text C:\Windows\System32\svchost.exe[5720] user32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 003403FC
.text C:\Windows\System32\svchost.exe[5720] user32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00340804
.text C:\Windows\System32\svchost.exe[5720] user32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 003401F8
.text C:\Windows\System32\svchost.exe[5720] user32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00340600
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[5728] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00140600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5936] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\DllHost.exe[6032] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\DllHost.exe[6032] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\DllHost.exe[6032] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\DllHost.exe[6032] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\DllHost.exe[6032] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\DllHost.exe[6032] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\DllHost.exe[6032] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\DllHost.exe[6032] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtCreateFile + 6 76DD55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtCreateFile + B 76DD55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtMapViewOfSection + 6 76DD5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtMapViewOfSection + B 76DD5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenFile + 6 76DD5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenFile + B 76DD5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcess + 6 76DD5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcess + B 76DD5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessToken + 6 76DD5D9E 4 Bytes CALL 75DD64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessToken + B 76DD5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessTokenEx + 6 76DD5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenProcessTokenEx + B 76DD5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThread + 6 76DD5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThread + B 76DD5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadToken + 6 76DD5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadToken + B 76DD5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadTokenEx + 6 76DD5E2E 4 Bytes CALL 75DD6535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtOpenThreadTokenEx + B 76DD5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryAttributesFile + 6 76DD5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryAttributesFile + B 76DD5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryFullAttributesFile + 6 76DD5FEE 4 Bytes CALL 75DD66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtQueryFullAttributesFile + B 76DD5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationFile + 6 76DD663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationFile + B 76DD6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationThread + 6 76DD669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtSetInformationThread + B 76DD66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtUnmapViewOfSection + 6 76DD69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!NtUnmapViewOfSection + B 76DD69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00170A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00170804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6080] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00170600
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6120] KERNEL32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[6228] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[6508] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6544] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\rundll32.exe[6720] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000703FC
.text C:\Windows\system32\rundll32.exe[6720] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000701F8
.text C:\Windows\system32\rundll32.exe[6720] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[6720] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\rundll32.exe[6720] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\rundll32.exe[6720] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\rundll32.exe[6720] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\rundll32.exe[6720] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\NOTEPAD.EXE[6976] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] ntdll.dll!LdrUnloadDll 76DEC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] ntdll.dll!LdrLoadDll 76DF22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] kernel32.dll!GetBinaryTypeW + 70 761F69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] USER32.dll!UnhookWindowsHookEx 76A4ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] USER32.dll!UnhookWinEvent 76A4B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] USER32.dll!SetWindowsHookExW 76A4E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] USER32.dll!SetWinEventHook 76A524DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7580] USER32.dll!SetWindowsHookExA 76A76D0C 5 Bytes JMP 000F0600

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000066 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Edited by icemanrk22, 12 November 2011 - 03:26 PM.


#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 November 2011 - 04:08 PM

icemanrk22:

Please do this next:

Uninstall all but one of those antivirus applications you have installed; having all those onboard is just going to complicate this.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 icemanrk22

  • Topic Starter
  • Members
  • 14 posts

Posted 12 November 2011 - 04:41 PM

I uninstalled AVG 2012 the other day and it is saying it is still installed on my pc. It also still shows up in my add/remove programs. Disabled Microsoft Security Essentials.


ComboFix 11-11-12.04 - Rec Room 11/12/2011 16:28:39.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1818 [GMT -5:00]
Running from: c:\users\Rec Room\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-12 14:44 . 2011-11-12 14:44 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73CFAEC2-049C-448C-89CA-8D3620874D63}\MpKsle3048ca6.sys
2011-11-12 14:44 . 2011-11-12 14:44 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73CFAEC2-049C-448C-89CA-8D3620874D63}\offreg.dll
2011-11-12 14:44 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73CFAEC2-049C-448C-89CA-8D3620874D63}\mpengine.dll
2011-11-11 21:57 . 2011-11-11 21:57 -------- d-----w- c:\users\Rec Room\AppData\Roaming\FlixsterCollections
2011-11-11 21:57 . 2011-11-11 21:57 -------- d-----w- c:\program files\Flixster Collections
2011-11-10 15:36 . 2011-11-10 15:36 -------- d-----w- c:\program files\Common Files\Java
2011-11-09 14:36 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 14:36 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:11 . 2011-11-10 04:34 -------- d-----w- c:\users\Rec Room\AppData\Roaming\Mumble
2011-11-08 21:10 . 2011-11-08 21:10 -------- d-----w- c:\program files\Mumble
2011-11-07 23:32 . 2011-11-07 23:32 388096 ----a-r- c:\users\Rec Room\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-07 23:32 . 2011-11-07 23:32 -------- d-----w- c:\program files\Trend Micro
2011-11-06 14:10 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-06 14:10 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-06 14:10 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-06 14:10 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-06 14:10 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-06 14:09 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-06 14:09 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-06 14:09 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-06 14:09 . 2010-02-04 15:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-06 14:09 . 2010-02-04 15:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-06 14:09 . 2010-02-04 15:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-06 14:09 . 2010-02-04 15:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-10-26 05:07 . 2011-10-26 05:07 -------- d-----w- c:\programdata\ATI
2011-10-26 05:07 . 2011-10-26 05:07 -------- d-----w- c:\program files\AMD APP
2011-10-26 05:02 . 2011-10-26 05:02 -------- d-----w- C:\ATI
2011-10-20 23:59 . 2011-10-20 23:59 -------- d-----w- c:\users\Rec Room\AppData\Local\PhotoChannel
2011-10-16 23:55 . 2011-10-16 23:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-15 15:07 . 2011-11-12 21:17 -------- d-----w- c:\programdata\AVAST Software
2011-10-15 15:07 . 2011-10-15 15:07 -------- d-----w- c:\program files\AVAST Software
2011-10-15 14:51 . 2011-10-31 05:16 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 04:41 . 2011-02-28 04:53 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-11 04:41 . 2011-02-28 04:55 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-11 04:41 . 2011-02-28 04:52 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-11 03:24 . 2011-02-28 04:52 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-30 16:59 . 2011-02-28 04:52 280904 ----a-w- c:\windows\system32\PnkBstrB.ex1
2011-10-25 07:14 . 2011-02-28 04:53 138056 ----a-w- c:\users\Rec Room\AppData\Roaming\PnkBstrK.sys
2011-10-25 07:14 . 2011-02-28 04:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-10-12 01:29 . 2011-10-12 01:29 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5035F63A-6C7B-4B37-AAA5-14EB716853FC}\gapaengine.dll
2011-10-07 03:48 . 2011-05-06 07:18 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 10:06 . 2011-03-30 21:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 13:28 . 2011-09-28 13:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-28 13:28 . 2011-09-28 13:28 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-28 13:28 . 2011-09-28 13:28 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-28 13:28 . 2011-09-28 13:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-28 13:28 . 2011-09-28 13:28 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-28 13:28 . 2011-09-28 13:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-28 13:28 . 2011-09-28 13:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-28 13:28 . 2011-09-28 13:28 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-28 13:28 . 2011-09-28 13:28 367104 ----a-w- c:\windows\system32\html.iec
2011-09-28 13:28 . 2011-09-28 13:28 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-28 13:28 . 2011-09-28 13:28 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-28 13:28 . 2011-09-28 13:28 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-28 13:28 . 2011-09-28 13:28 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-28 13:28 . 2011-09-28 13:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-28 13:28 . 2011-09-28 13:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-28 13:28 . 2011-09-28 13:28 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-28 13:28 . 2011-09-28 13:28 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-28 13:28 . 2011-09-28 13:28 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-14 15:47 . 2011-09-14 15:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 15:47 . 2011-09-14 15:47 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-14 15:46 . 2011-09-14 15:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
2011-09-14 15:38 . 2011-09-14 15:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-09-08 18:26 . 2011-09-08 18:26 8606208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\system32\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2010-10-27 07:55 732672 ----a-w- c:\windows\system32\aticfx32.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-09-08 17:24 . 2010-10-27 07:46 4204032 ----a-w- c:\windows\system32\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-09-08 17:08 . 2011-04-02 02:41 4064768 ----a-w- c:\windows\system32\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\system32\aticaldd.dll
2011-09-08 17:05 . 2011-04-02 02:42 4289024 ----a-w- c:\windows\system32\atiumdag.dll
2011-09-08 16:59 . 2010-10-27 07:14 52736 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 248832 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:51 . 2010-10-27 07:13 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-09-08 16:51 . 2010-10-27 07:13 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-09-01 02:35 . 2011-10-13 03:15 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 03:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 03:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 21:00 . 2011-03-09 06:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26 . 2011-10-12 07:57 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 07:57 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-17 04:24 . 2011-10-12 07:57 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 07:57 75776 ----a-w- c:\windows\system32\psisrndr.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"cdloader"="c:\users\Rec Room\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-18 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 94280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzYtOTM5MjU4MDA3LUNJQTEwKzItRkwxMCsxLUREVCswLVRVRyszLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxL" [?]
.
c:\users\Rec Room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 176128]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE3048CA6
*NewlyCreated* - UXRIQFOB
*Deregistered* - uxriqfob
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 19:32]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1727927773-4284749986-1194052921-1001\Software\SecuROM\License information*]
"datasecu"=hex:bc,77,0a,2c,5f,98,cf,e6,cd,91,f2,ba,6e,ac,6d,08,b6,20,b3,40,4b,
a5,ac,5c,67,dd,8f,6a,0b,bb,4b,9f,8e,d7,a8,47,94,e9,e6,a0,0d,c8,53,ca,90,f4,\
"rkeysecu"=hex:8c,d3,b9,ca,7a,31,69,9c,9f,33,50,5b,49,bd,58,96
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-12 16:40:09
ComboFix-quarantined-files.txt 2011-11-12 21:40
.
Pre-Run: 223,275,155,456 bytes free
Post-Run: 223,036,473,344 bytes free
.
- - End Of File - - E3DE0E671171B84D903A05A8D9BA5F1B
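
Added example, not part of the thread and not a BleepingComputer tool: a small Python script that triages the Reg Loading Points section of a ComboFix log like the one posted above. It parses the Run keys and the policies\system block, flags autorun entries launched from user-writable locations (AppData, Temp, ProgramData, Users\Public), and flags the UAC values that the posted log shows set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), which together mean elevation happens silently with no consent prompt. The embedded log excerpt is a constructed, trimmed copy of the posted log; the user-writable prefix list, the expected UAC values (Windows 7 defaults) and the function names are the example's own assumptions. A flagged autorun is something to look up, not a verdict: cdloader2.exe in the excerpt is flagged only because of where it runs from.

```python
import re
from collections import OrderedDict

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix log
# posted above (trimmed to a few entries; values copied from that log).
# Raw string: the log is full of backslashes such as \users that would
# otherwise be read as escape sequences.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"cdloader"="c:\users\Rec Room\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[([^\]]+)\]\s*$')                       # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]')  # "name"="path" [date size]
DWORD_RE = re.compile(r'^"(\w+)"=\s*(\d+)')                      # "EnableLUA"= 0 (0x0)

# Assumed list of locations a standard user can write to; an autorun living
# there is not proof of malware (legitimate software does this too), but it
# deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Windows 7 default / acceptable values (assumption of this example).
# ConsentPromptBehaviorAdmin 0 = elevate without prompting, 2 = always
# prompt on the secure desktop, 5 = prompt for non-Windows binaries.
UAC_EXPECTED = {
    "EnableLUA": {1},
    "ConsentPromptBehaviorAdmin": {2, 5},
    "PromptOnSecureDesktop": {1},
}


def parse_sections(text):
    """Group the '"name"=...' lines of a ComboFix log under their [key] headers."""
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None and line.startswith('"'):
            sections[current].append(line)
    return sections


def autoruns_in_user_paths(sections):
    """Return (name, path) for Run entries whose binary sits in a user-writable folder."""
    hits = []
    for key, lines in sections.items():
        if not key.endswith("\\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m and any(p in m.group(2).lower() for p in USER_WRITABLE):
                hits.append((m.group(1), m.group(2)))
    return hits


def uac_findings(sections):
    """Return (name, value) for UAC policy values outside their expected set."""
    findings = []
    for key, lines in sections.items():
        if not key.endswith("\\policies\\system"):
            continue
        for line in lines:
            m = DWORD_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), int(m.group(2))
            if name in UAC_EXPECTED and value not in UAC_EXPECTED[name]:
                findings.append((name, value))
    return findings


def triage(text):
    """Run both checks and return human-readable finding lines."""
    sections = parse_sections(text)
    lines = []
    for name, path in autoruns_in_user_paths(sections):
        lines.append(f"AUTORUN from user-writable path: {name} -> {path}")
    for name, value in uac_findings(sections):
        lines.append(f"UAC weakened: {name}={value} (expected one of {sorted(UAC_EXPECTED[name])})")
    return lines


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Point triage() at the full text of a real ComboFix log to run the same checks on it; the three UAC findings it reports for this excerpt are exactly the values a helper would want re-enabled once the machine is clean, since with EnableLUA=0 nothing on this box ever sees a consent prompt.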

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:44 PM

Posted 13 November 2011 - 12:22 AM

icemanrk22:

Please do this next:

Download AppRemover from here saving it to your desktop.
  • Double click to run AppRemover
  • Follow the prompts to remove AVG
  • Reboot
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log



#7 icemanrk22

icemanrk22
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:44 AM

Posted 13 November 2011 - 08:22 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8151

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/13/2011 3:32:54 AM
mbam-log-2011-11-13 (03-32-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 432914
Time elapsed: 1 hour(s), 53 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:44 PM

Posted 13 November 2011 - 10:50 AM

icemanrk22:

How is your computer running now? Please do this next:

Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#9 icemanrk22

icemanrk22
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:44 AM

Posted 13 November 2011 - 03:44 PM

C:\Users\Rec Room\Downloads\AIX_2.0_CORE_MOD.exe a variant of Win32/Packed.ExeScript.B trojan

- This file is a mod that was working for a game I had...I guess it had a trojan in it?

- Still having internet issues, but I've always had them. IE has been my biggest problem but it seems to be getting better.

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:44 PM

Posted 13 November 2011 - 05:48 PM

icemanrk22:

Let's make sure that file is bad:

Please go to one of the below sites to scan the following files:

virscan.org
Virus Total

Click on Browse, and upload the following file for analysis:
C:\Users\Rec Room\Downloads\AIX_2.0_CORE_MOD.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Please include the following in your next post:
  • File analysis results



#11 icemanrk22

icemanrk22
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:44 AM

Posted 13 November 2011 - 06:28 PM

The file is over 20 MB. I cannot upload it. It is also not vital to my game. I never play it anyway.

Edited by icemanrk22, 13 November 2011 - 06:32 PM.
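
Added example, not from the thread: when a file is too large to upload to a scanning service, as in the two posts above, hash it and look the hash up instead. This Python script streams the file in 1 MiB chunks so file size is irrelevant, computes MD5, SHA-1 and SHA-256 in a single pass, records whether the file begins with the "MZ" stub every Windows executable carries, and builds the VirusTotal page URL for that SHA-256 (VirusTotal's search also accepts an MD5 or SHA-1). The file written by demo() is a constructed stand-in that reuses the thread's filename with filler bytes; the real mod's hashes are not known here. A hash lookup only tells you whether the service has already seen that exact file; a single changed byte gives a different hash and an empty result, which is not evidence the file is clean.

```python
import hashlib
import os
import sys
import tempfile

CHUNK = 1 << 20                  # read 1 MiB at a time; a multi-GB file never sits in memory
ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of an in-memory blob; used as the reference for hash_file()."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path):
    """Stream the file once, feeding every chunk to all three digests."""
    digests = {a: hashlib.new(a) for a in ALGOS}
    size, head = 0, b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            if not head:
                head = chunk[:2]          # first two bytes: "MZ" for PE executables
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    report = {a: d.hexdigest() for a, d in digests.items()}
    report["size"] = size
    report["is_pe"] = head == b"MZ"
    return report


def vt_lookup_url(sha256):
    """Public VirusTotal report page for a file already in its corpus, keyed by SHA-256."""
    return "https://www.virustotal.com/gui/file/" + sha256


def demo():
    """Write a constructed stand-in for the mod file, hash it from disk and from memory."""
    content = b"MZ" + b"\x90" * 3000000      # constructed filler, not a real executable
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "AIX_2.0_CORE_MOD.exe")   # filename taken from the thread
        with open(path, "wb") as fh:
            fh.write(content)
        return {"file": hash_file(path), "reference": hash_bytes(content)}


if __name__ == "__main__":
    # Usage: python hashcheck.py "C:\Users\Rec Room\Downloads\AIX_2.0_CORE_MOD.exe"
    result = hash_file(sys.argv[1]) if len(sys.argv) > 1 else demo()["file"]
    for key, value in result.items():
        print(f"{key}: {value}")
    print("lookup:", vt_lookup_url(result["sha256"]))
```

Hashing from disk and from memory in demo() is there to show the chunked reader produces the same digests as a one-shot call, which is the property you rely on when the real file is far bigger than you want to load at once.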


#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:44 PM

Posted 13 November 2011 - 07:39 PM

icemanrk22:

In that case, we should just nuke it:

Click Start > Run or Press Windows Key + R and copy/paste the following single-line command into the Run box and click OK:
cmd /c del /f/a/q "C:\Users\Rec Room\Downloads\AIX_2.0_CORE_MOD.exe"

Otherwise your logs look good. All I have left for you is some very important cleanup:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!



#13 icemanrk22

icemanrk22
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:44 AM

Posted 13 November 2011 - 08:12 PM

All done.

DEFINITELY am noticing a change in performance. My PC is booting up quicker and IE seems to be running flawlessly. Thank you so much for all your help. You guys are TRULY a blessing to everyone who comes to you for help. Once I am in a little more of a stable situation, I will definitely be donating to you guys.

My family thanks you.

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:44 PM

Posted 14 November 2011 - 09:33 PM

You're welcome! Take care.



#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:44 PM

Posted 15 November 2011 - 03:52 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





