
my browser quits working


13 replies to this topic

#1 oldaero

oldaero

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 27 May 2012 - 07:03 AM

I'm hoping I can post this...
My comp is an E-machine with Windows 7... I've had no problems until about 2 months ago.
When surfing the browser, I can go no further than 2-3 clicks. In other words, I had to close and reopen my browser twice just to post this question...
I use IE9, but I also tried Firefox, and I get the same results... Once I get to a website, I can only go so far until I have to shut it down and start over...

I have run Malwarebytes and SUPERAntiSpyware... You have helped me in past years, now I'm lost again...
Please help?

Thanks, oldaero

(I had to shut my browser down and restart just to post this question)



#2 oldaero


Posted 27 May 2012 - 01:25 PM

Sorry about the double post, that's one of the problems I'm having... I didn't know that my first thread posted...

#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:13 PM

Posted 30 May 2012 - 01:27 PM

Can you post the logs from Malwarebytes and SUPERAntiSpyware?


Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#4 oldaero


Posted 03 June 2012 - 01:55 AM

Thanks for your reply...
Here is the Malwarebytes log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DAN [administrator]

6/2/2012 8:38:02 PM
mbam-log-2012-06-02 (20-38-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343067
Time elapsed: 2 hour(s), 26 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
(same results I've gotten every time I use Malwarebytes)

SuperAntispyware... last 2 logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2012 at 07:45 AM

Application Version : 5.0.1146

Core Rules Database Version : 8656
Trace Rules Database Version: 6468

Scan type : Quick Scan
Total Scan Time : 00:03:50

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 27227
Registry threats detected : 0
File items scanned : 3973
File threats detected : 23

Adware.Tracking Cookie

-------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/03/2012 at 00:17 AM

Application Version : 5.0.1150

Core Rules Database Version : 8675
Trace Rules Database Version: 6487

Scan type : Quick Scan
Total Scan Time : 00:11:40

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 606
Memory threats detected : 0
Registry items scanned : 27227
Registry threats detected : 0
File items scanned : 7114
File threats detected : 4

Adware.Tracking Cookie
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\IXUZZJ0L.txt [ Cookie:diana@atdmt.com/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JG9348R.txt [ Cookie:diana@doubleclick.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\097VGO5P.txt [ Cookie:diana@revsci.net/ ]
C:\USERS\DIANA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CFH1ICYO.txt [ Cookie:diana@c.atdmt.com/ ]


Next post will be results from "security check" and "gmer"

#5 oldaero


Posted 03 June 2012 - 02:00 AM

Results from "Security Check" and then "GMER":

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WOW! Security 9.01
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.60.1.1000
Java™ 6 Update 31
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````Process Check: objlist.exe by Laurent````````
WOW Security Anti-Virus fsgk32st.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


_____________________________________________________

GMER is really long, so I'm gonna post it in my next reply..

#6 oldaero


Posted 03 June 2012 - 02:16 AM

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-03 02:33:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000086 ST316031 rev.CC44
Running: 4fb245tt.exe; Driver: C:\Users\Diana\AppData\Local\Temp\fxldapow.sys


.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 014B100C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 014B200C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 014B300C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 014B400C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 014B600C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 014B800C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 014B900C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 014B700C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 014B500C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 014BB00C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 014BA00C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 001D000C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 001D100C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 001D200C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 001D300C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 001D400C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 001D500C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 001DA00C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 001D600C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 001D800C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 001D900C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3480] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 001D700C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 0064000C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 0064100C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 0064200C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 0064300C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 0064400C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 0064500C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 0064B00C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 0064600C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 0064800C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 0064900C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 0064700C
.text C:\Program Files\Real\RealPlayer\realplay.exe[3488] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 0064A00C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 000F000C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 000F100C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 000F200C
.text C:\Program Files\QuickTime\QTTask.exe[3504] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 000F300C
.text C:\Program Files\QuickTime\QTTask.exe[3504] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 000F400C
.text C:\Program Files\QuickTime\QTTask.exe[3504] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 000F500C
.text C:\Program Files\QuickTime\QTTask.exe[3504] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 000FB00C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 000F600C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 000F800C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 000F900C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 000F700C
.text C:\Program Files\QuickTime\QTTask.exe[3504] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 000FA00C
.text C:\Program Files\WOW Security\Common\FSM32.EXE[3532] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 045D000C
.text C:\Program Files\WOW Security\Common\FSM32.EXE[3532] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 045D100C
.text C:\Program Files\WOW Security\Common\FSM32.EXE[3532] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 045D200C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 0036000C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 0036100C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 0036200C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 0036300C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 0036400C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 0036500C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 0036B00C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 0036600C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 0036800C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 0036900C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 0036700C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3548] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 0036A00C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 001F000C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 001F100C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 001F200C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 001F300C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 001F400C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 001F500C
.text C:\Users\Diana\Downloads\4fb245tt.exe[3576] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 001F600C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 003B000C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 003B100C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 003B200C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 003B300C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 003B400C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 003B600C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 003B800C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 003B900C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 003B700C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 003B500C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3948] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 003BA00C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 0017000C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 0017100C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 0017200C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 0017300C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 0017400C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 0017500C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 0017B00C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 0017600C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 0017800C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 0017900C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 0017700C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3968] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 0017A00C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 015C000C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 015C100C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 015C200C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 015C300C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 015C400C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 015C500C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 015CB00C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ADVAPI32.dll!OpenServiceW 763DCA4C 5 Bytes JMP 015C600C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ADVAPI32.dll!CloseServiceHandle 763E369C 5 Bytes JMP 015C800C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ADVAPI32.dll!CreateServiceW 763F712C 5 Bytes JMP 015C900C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ADVAPI32.dll!ControlService 763F7144 5 Bytes JMP 015C700C
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 015CA00C
.text C:\Windows\system32\DllHost.exe[4712] ntdll.dll!NtCreateProcess 77CE5698 5 Bytes JMP 0019000C
.text C:\Windows\system32\DllHost.exe[4712] ntdll.dll!NtCreateProcessEx 77CE56A8 5 Bytes JMP 0019100C
.text C:\Windows\system32\DllHost.exe[4712] ntdll.dll!NtCreateUserProcess 77CE5778 5 Bytes JMP 0019200C
.text C:\Windows\system32\DllHost.exe[4712] kernel32.dll!LoadLibraryExW 76775079 5 Bytes JMP 0019300C
.text C:\Windows\system32\DllHost.exe[4712] kernel32.dll!TerminateThread 7678BC01 5 Bytes JMP 0019400C
.text C:\Windows\system32\DllHost.exe[4712] ole32.dll!CoCreateInstanceEx 76A39D4E 5 Bytes JMP 0019600C
.text C:\Windows\system32\DllHost.exe[4712] USER32.dll!SetWindowsHookExW 77DFE30C 5 Bytes JMP 0019500C
.text C:\Windows\system32\DllHost.exe[4712] USER32.dll!DdeConnect 77E3EB5B 5 Bytes JMP 0019700C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74942437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74925600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749256BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749424B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74938514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74934CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7493506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74935144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74936671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7493826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749387BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7493901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7493E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74934BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Real\RealPlayer\realplay.exe[3488] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D6FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [61345FBC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [613473AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [613473FB] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61346BCD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613473AD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61345FBC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61345EF7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [613467E4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [613467E4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61345FC2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61345E26] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61345E64] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346057] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61345EF7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [613467E4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61345FBC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6134732D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6134736D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346142] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3992] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134609C] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000072 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}@ ILogicalThreadAffinative
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid32
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\TypeLib
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\TypeLib@ {BED7F4EA-1A96-11D2-8F08-00A0C9A6186D}
Reg HKLM\SOFTWARE\Classes\Interface\{4D125449-BA27-3927-8589-3E1B34B622E5}\TypeLib@Version 2.0

---- EOF - GMER 1.0.15 ----

#7 oldaero

Posted 03 June 2012 - 02:18 AM

Hope you can help... and thanks for your reply..

oldaero/Dan

#8 cryptodan

Posted 03 June 2012 - 02:20 AM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#9 oldaero

Posted 03 June 2012 - 04:28 AM

mini toolbox result:

MiniToolBox by Farbar Version: 14-01-2012
Ran by Diana (administrator) on 03-06-2012 at 05:19:42
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dan
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-25-11-1E-44-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c9d5:44d6:9c67:1c65%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 03, 2012 3:32:12 AM
Lease Expires . . . . . . . . . . : Monday, June 04, 2012 3:32:12 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666064
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-A8-36-33-00-25-11-1E-44-B6
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 47:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::431:86c:b489:de7%51(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 872415232
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-A8-36-33-00-25-11-1E-44-B6
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C7C8BEDE-299B-4042-8C60-4C45B48B14ED}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.14
173.194.43.0
173.194.43.1
173.194.43.2
173.194.43.3
173.194.43.4
173.194.43.5
173.194.43.6
173.194.43.7
173.194.43.8
173.194.43.9


Pinging google.com [173.194.43.8] with 32 bytes of data:
Reply from 173.194.43.8: bytes=32 time=25ms TTL=57
Reply from 173.194.43.8: bytes=32 time=41ms TTL=57

Ping statistics for 173.194.43.8:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 41ms, Average = 33ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=84ms TTL=53
Reply from 209.191.122.70: bytes=32 time=90ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 84ms, Maximum = 90ms, Average = 87ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 25 11 1e 44 b6 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
51...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
66...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
51 306 fe80::/64 On-link
51 306 fe80::431:86c:b489:de7/128
On-link
10 276 fe80::c9d5:44d6:9c67:1c65/128
On-link
1 306 ff00::/8 On-link
51 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2012 05:20:52 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 730 2012-06-03 05:20:52-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\wship6.dll \Device\HarddiskVolume2\Windows\System32\conhost.exe

Error: (06/03/2012 05:20:44 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 729 2012-06-03 05:20:44-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL \Device\HarddiskVolume2\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll \Device\HarddiskVolume2\Windows\System32\imm32.dll

Error: (06/03/2012 05:20:37 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 728 2012-06-03 05:20:37-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\wship6.dll \Device\HarddiskVolume2\Windows\System32\conhost.exe

Error: (06/03/2012 05:20:29 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 727 2012-06-03 05:20:29-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\kernel32.dll \Device\HarddiskVolume2\Windows\System32\dllhost.exe \Device\HarddiskVolume2\Windows\System32\wscisvif.dll \Device\HarddiskVolume2\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll

Error: (06/03/2012 05:20:22 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 726 2012-06-03 05:20:22-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\hnetcfg.dll \Device\HarddiskVolume2\Windows\System32\conhost.exe \Device\HarddiskVolume2\Windows\System32\cmd.exe

Error: (06/03/2012 05:20:12 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 725 2012-06-03 05:20:12-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\imm32.dll \Device\HarddiskVolume2\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll \Device\HarddiskVolume2\Windows\System32\imm32.dll

Error: (06/03/2012 05:20:01 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 724 2012-06-03 05:20:01-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\conhost.exe \Device\HarddiskVolume2\Windows\System32\conhost.exe

Error: (06/03/2012 05:19:51 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 723 2012-06-03 05:19:51-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\imm32.dll \Device\HarddiskVolume2\Windows\System32\imm32.dll

Error: (06/03/2012 05:19:40 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 722 2012-06-03 05:19:40-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\wbem\wbemdisp.dll \Device\HarddiskVolume2\Windows\System32\conhost.exe

Error: (06/03/2012 05:19:33 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (User: )
Description: 721 2012-06-03 05:19:33-04:00 dan DAN\Diana F-Secure Anti-Virus
Crash detected.
\Device\HarddiskVolume2\Windows\System32\imm32.dll \Device\HarddiskVolume2\Windows\System32\hnetcfg.dll \Device\HarddiskVolume2\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll


System errors:
=============
Error: (06/03/2012 05:12:57 AM) (Source: DCOM) (User: )
Description: {657C7A59-4FEC-4C06-A354-607B1EB184FB}

Error: (06/03/2012 03:01:14 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/03/2012 03:01:11 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/03/2012 00:42:33 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:41:08 AM on 6/3/2012 was unexpected.

Error: (06/03/2012 00:40:54 AM) (Source: F-Secure Gatekeeper) (User: )
Description: \Device\HarddiskVolume2\Wind...sfc_os.dll

Error: (06/03/2012 00:40:45 AM) (Source: F-Secure Gatekeeper) (User: )
Description: \Device\HarddiskVolume2\...1265822174.ini

Error: (06/03/2012 00:40:24 AM) (Source: F-Secure Gatekeeper) (User: )
Description: \Device\HarddiskVolume2\Wi...AcLayers.dll

Error: (06/03/2012 00:39:32 AM) (Source: F-Secure Gatekeeper) (User: )
Description: \Device\HarddiskVolume2\Wind...rsaenh.dll

Error: (06/03/2012 00:39:17 AM) (Source: F-Secure Gatekeeper) (User: )
Description: \Device\HarddiskVolume2\Win...hnetcfg.dll

Error: (06/03/2012 00:39:07 AM) (Source: F-Secure Gatekeeper) (User: )
Description: \Device\HarddiskVolume2\Pr...iexplore.exe


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 2.1.5)
5400 (Version: 82.0.252.000)
5400_Help (Version: 82.0.252.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Reader 9.5.1 (Version: 9.5.1)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.3.127)
Bing Rewards Client Installer (Version: 16.0.345.0)
BufferChm (Version: 82.0.173.000)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 5.5.4316)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Download Updater (AOL LLC)
eMachines Games (Version: 1.0.0.52)
eSupportQFolder (Version: 1.00.0000)
F-Secure PSC Prerequisites (Version: 1.0.5)
Feedback Tool (Version: 1.2.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet Printer Driver Software 8.0.C (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Print Diagnostic Utility (Version: 1.51.0000)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8050.1202)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PokerStars.net
QuickTime (Version: 7.69.80.9)
RealPlayer Basic
Realtek High Definition Audio Driver (Version: 6.0.1.5780)
SF_CDC_ProductContext (Version: 82.0.252.000)
SF_CDC_Software (Version: 82.0.252.000)
SolutionCenter (Version: 82.0.188.000)
Status (Version: 82.0.173.000)
SUPERAntiSpyware (Version: 5.0.1128)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Upgrade Kit (Version: 1.00.3002)
Viewpoint Media Player
WebReg (Version: 82.0.173.000)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
WOW! Security
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3070.49 MB
Available physical RAM: 2085.91 MB
Total Pagefile: 6140.98 MB
Available Pagefile: 4852.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.61 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:136.05 GB) (Free:86.56 GB) NTFS

========================= Users: ========================================

User accounts for \\DAN

Administrator Diana Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#10 cryptodan

Posted 03 June 2012 - 05:58 AM

Please upload the following file to http://www.virustotal.com

C:\Users\Diana\Downloads\4fb245tt.exe

#11 oldaero

Posted 03 June 2012 - 06:36 AM

Sorry, I tried everything, but that doesn't work...

It's not a URL, it's not anything that's recognized.

#12 cryptodan

Posted 03 June 2012 - 06:46 AM

Sorry for the constant edits. I didn't get enough sleep last night.

Please download and run TDSS Killer and post the resulting log. If it asks you to fix anything, then PLEASE DO NOT FIX ANYTHING.

Also make sure all options are checked.

Edited by cryptodan, 03 June 2012 - 07:02 AM.


#13 oldaero

Posted 03 June 2012 - 08:27 AM

Link didn't go to a download... I found the TDSS download and ran it... There was nothing found, so there is no log to post.

#14 cryptodan

Posted 03 June 2012 - 08:33 AM

Do you have any plug-ins for your browsers? Also have you tried resetting your modem or router?



