google redirect Malware byte and Avast do not detect problem


  • This topic is locked
9 replies to this topic

#1 depcdivr

Posted 03 June 2012 - 09:31 AM

I started posting here
http://www.bleepingcomputer.com/forums/topic455506.html/page__gopid__2718896#entry2718896
but have been asked to start a new thread here.

Per my instructions I have run the DSS text as seen below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Keith Roehner at 23:49:31 on 2012-06-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3046.1844 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://lenovo.live.com
uStart Page = hxxp://www.simcona.com/i/
mDefault_Page_URL = hxxp://lenovo.live.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Adobe] rundll32.exe "c:\users\keith roehner\appdata\local\apps\adobe\hkkihc.dll",DllRegisterServer
mRun: [DDNIUser] c:\program files\ddni\sbits\DDNIUSER.EXE
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SignIn] "c:\program files\microsoft online services\sign in\SignIn.exe" /autorun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\keithr~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lenovo~1.lnk - c:\swtools\lenovowelcome\LenovoRegistration.cmd
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: key.com\accounts
Trusted Zone: key.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sprecherschuh.webex.com/client/T27LB/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{B099AF2D-DD58-4007-A754-CF98F3F9C189} : DhcpNameServer = 172.16.0.10 172.16.0.12
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA}\2456374702755637475627E6 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA}\2475C41677E6669656C646 : DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA}\3796D636166656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA}\3796D63616665623 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA}\6496E676562702C416B65637 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{C389AF22-EBCC-4F3F-811E-9FDF97B95FAA}\6627F6E64796562713734324 : DhcpNameServer = 192.168.254.254 192.168.254.254
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-9-28 24304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-28 337880]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-28 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-28 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-20 44768]
R2 DDNIOEMService;DDNIOEMService;c:\program files\ddni\sbits\DDNIOEMService.exe [2007-9-28 162280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-23 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-29 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-2 654408]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-9-28 1589152]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-29 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-29 185640]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 55936]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-2 22344]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-11-24 23152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-9-28 132456]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-10-18 23608]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-11-12 19456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-28 75112]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-27 52224]
S3 usb2ser64;usb2ser64;c:\windows\system32\drivers\usb2ser64.sys [2011-4-15 52216]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-28 1343400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-10-18 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-10-18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-10-18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-10-18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-10-18 25704]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-05-21 22:12:21 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-21 22:12:21 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-05-21 22:12:20 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-21 22:12:20 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-05 14:39:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 14:39:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 23:52:53.06 ===============

#2 depcdivr

Posted 03 June 2012 - 09:33 AM

Here is the attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/28/2010 8:03:27 AM
System Uptime: 6/2/2012 11:30:22 PM (0 hours ago)
.
Motherboard: LENOVO | | 76693HU
Processor: Intel® Core™2 Duo CPU L7500 @ 1.60GHz | None | 1601/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 88 GiB total, 39.553 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP271: 5/29/2012 3:17:19 AM - Windows Update
RP272: 6/1/2012 4:48:08 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
Access Help
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.5.1
Adobe Stock Photos 1.0
Ask Toolbar
avast! Free Antivirus
BERNINA ARTlink
BERNINA ARTlink 6.0D
BlackBerry Device Manager 6.1
BlackBerry USB Drivers
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities WFT-E1/E2 Utility
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
Convert
Coupon Printer for Windows
CPS 4.1
CutePDF Writer 2.8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EOS IEEE1394 WIA Driver
EOS USB WIA Driver
FullShot 9 (Remove Only)
Garmin USB Drivers
Garmin WebUpdater
GIMP 2.6.11
Google Chrome
Google Earth Plug-in
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
HMR3300 Compass Demo
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® TV Wizard
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 29
LeapFrog Connect
LeapFrog Tag Plugin
Lenovo System Interface Driver
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio Viewer 2007
Microsoft Online Services Sign-in Assistant
Microsoft Online Services Sign In
Microsoft Outlook 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Millenium 3 v2.5.0.1
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
On Screen Display
OverDrive Media Console
PL-2303 USB-to-Serial
ReaConverter 6.0 Pro
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
SBITS
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
SoundMAX
Switch Sound File Converter
System Migration Assistant
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Technologies Welcome Message
TruStability
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Verizon Download Manager
vGrabber (With RealPlayer)
VZAccess Manager
Wallpapers
WebEx
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 9:54:27 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
6/2/2012 11:31:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/2/2012 11:31:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Scheduler service to connect.
6/2/2012 11:31:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Service service to connect.
6/2/2012 11:31:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Protection Service service to connect.
6/2/2012 11:31:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ThinkVantage Registry Monitor Service service to connect.
6/2/2012 10:05:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user ibmkroehner\Keith Roehner SID (S-1-5-21-2830950596-55948969-1931547583-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/2/2012 10:05:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user ibmkroehner\Keith Roehner SID (S-1-5-21-2830950596-55948969-1931547583-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/31/2012 9:53:53 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
5/30/2012 4:48:53 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
5/30/2012 4:48:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
5/29/2012 3:02:22 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

#3 depcdivr

Posted 03 June 2012 - 09:34 AM

Finally, here is the rootkit/malware report

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-03 09:18:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST910082 rev.3.CM
Running: sem25498.exe; Driver: C:\Users\KEITHR~1\AppData\Local\Temp\pwlcyaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90335DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91998A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9033685E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9033B2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9033B330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9033B422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9033B252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9033B374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9033B29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9033B3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90335E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91998B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90335AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90335E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90338D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90336B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9033B30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9033B352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9033B446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9033B278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9033B3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9033B2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9033B400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91998CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x903369CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90335EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90335F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90335B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90335CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90335C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90335D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91998D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90335F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91998BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x919AED92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E583C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E91D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E98D80 4 Bytes [F8, 5D, 33, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E98DA8 4 Bytes [5A, 8A, 99, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E98E08 4 Bytes [5E, 68, 33, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E98E5C 8 Bytes [E4, B2, 33, 90, 30, B3, 33, ...] {IN AL, 0xb2; XOR EDX, [EAX-0x6fcc4cd0]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E98E68 4 Bytes [22, B4, 33, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83025C64 5 Bytes JMP 919ABC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8303E290 5 Bytes JMP 919AD764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830533D7 4 Bytes CALL 903371B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8306D1E0 4 Bytes CALL 903371CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830F711A 7 Bytes JMP 919AED96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\drivers\nrddwpnl.sys The system cannot find the path specified. !
? C:\Users\KEITHR~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes [E9, 0A, 5C, 67, 8A] {JMP 0xffffffff8a675c0f}
.text user32.dll!UnhookWinEvent 75CAB750 5 Bytes [E9, A7, 4C, 67, 8A] {JMP 0xffffffff8a674cac}
.text user32.dll!SetWindowsHookExW 75CAE30C 5 Bytes [E9, F3, 24, 67, 8A] {JMP 0xffffffff8a6724f8}
.text user32.dll!SetWinEventHook 75CB24DC 5 Bytes [E9, 17, DD, 66, 8A] {JMP 0xffffffff8a66dd1c}
.text user32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes [E9, EF, 98, 64, 8A] {JMP 0xffffffff8a6498f4}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[520] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[520] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[520] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[520] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[520] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[520] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[520] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\services.exe[576] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[576] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[576] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[592] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00160A08
.text C:\Windows\system32\lsass.exe[592] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001603FC
.text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00160804
.text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001601F8
.text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00160600
.text C:\Windows\system32\taskhost.exe[596] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[596] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[596] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[596] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[596] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[596] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[596] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[596] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 000E0600
.text C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[600] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[660] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[660] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[660] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[660] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\Dwm.exe[660] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001303FC
.text C:\Windows\system32\Dwm.exe[660] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00130804
.text C:\Windows\system32\Dwm.exe[660] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\Dwm.exe[660] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00130600
.text C:\Windows\system32\winlogon.exe[688] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[688] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[688] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001103FC
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00110804
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\ibmpmsvc.exe[824] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000903FC
.text C:\Windows\system32\ibmpmsvc.exe[824] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000901F8
.text C:\Windows\system32\ibmpmsvc.exe[824] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\ibmpmsvc.exe[824] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\ibmpmsvc.exe[824] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001403FC
.text C:\Windows\system32\ibmpmsvc.exe[824] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00140804
.text C:\Windows\system32\ibmpmsvc.exe[824] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\ibmpmsvc.exe[824] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[876] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001A0A08
.text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001A03FC
.text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001A0804
.text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001A01F8
.text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001A0600
.text C:\Windows\System32\igfxtray.exe[960] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[960] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[960] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[960] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[960] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[960] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[960] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxtray.exe[960] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 009D0A08
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 009D03FC
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 009D0804
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 009D01F8
.text C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 009D0600
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 01850A08
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 018503FC
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 01850804
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 018501F8
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 01850600
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00590A08
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 005903FC
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00590804
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 005901F8
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 75CD6D0C 3 Bytes JMP 00590600
.text C:\Windows\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA + 4 75CD6D10 1 Byte [8A]
.text C:\Windows\Explorer.EXE[1256] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000A03FC
.text C:\Windows\Explorer.EXE[1256] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000A01F8
.text C:\Windows\Explorer.EXE[1256] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1256] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[1256] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[1256] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[1256] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[1256] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00290A08
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002903FC
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00290804
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002901F8
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00290600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1376] kernel32.dll!SetUnhandledExceptionFilter 76DBF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1376] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00320A08
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 003203FC
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00320804
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 003201F8
.text C:\Users\Keith Roehner\Desktop\sem25498.exe[1468] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00320600
.text C:\Windows\System32\spoolsv.exe[1564] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1564] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1564] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00090A08
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000903FC
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00090804
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000901F8
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00090600
.text C:\Windows\system32\AEADISRV.EXE[1920] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\AEADISRV.EXE[1920] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\AEADISRV.EXE[1920] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\AEADISRV.EXE[1920] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00200A08
.text C:\Windows\system32\AEADISRV.EXE[1920] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002003FC
.text C:\Windows\system32\AEADISRV.EXE[1920] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00200804
.text C:\Windows\system32\AEADISRV.EXE[1920] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002001F8
.text C:\Windows\system32\AEADISRV.EXE[1920] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1964] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1964] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\SearchIndexer.exe[2004] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[2004] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[2004] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2004] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[2004] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[2004] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[2004] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[2004] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00100600
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00200A08
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002003FC
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00200804
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002001F8
.text C:\Program Files\DDNI\SBITS\DDNIOEMService.exe[2068] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[2116] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2116] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2152] KERNEL32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00200A08
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002003FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00200804
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002001F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2372] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00200600
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2408] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000C03FC
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2408] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000C01F8
.text C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe[2408] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2424] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00210600
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00300A08
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 003003FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00300804
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 003001F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2448] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00300600
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001403FC
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00140804
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001401F8
.text C:\Program Files\Lenovo\TrackPoint\tp4serv.exe[2472] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00120A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001203FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00120804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001201F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2476] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00120600
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2488] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2560] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00250A08
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002503FC
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00250804
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002501F8
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE[2592] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00250600
.text C:\Windows\System32\svchost.exe[2632] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2632] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2676] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2676] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2676] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe[2828] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00100600
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000703FC
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000701F8
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00130A08
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001303FC
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00130804
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001301F8
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2836] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00130600
.text C:\Windows\System32\svchost.exe[2848] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2848] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2848] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2848] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[2848] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[2848] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00180804
.text C:\Windows\System32\svchost.exe[2848] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[2848] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[2884] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[2884] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[2884] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2884] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxpers.exe[2884] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxpers.exe[2884] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxpers.exe[2884] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[2884] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00190600
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] kernel32.dll!CreateThread 76DBDCC2 5 Bytes JMP 6AD772FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!EnableWindow 75CA8D02 5 Bytes JMP 6ADB9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!GetAsyncKeyState 75CAA256 5 Bytes JMP 6AD5DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CallNextHookEx 75CAABE1 5 Bytes JMP 6ADD7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 6ADFEB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000803FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!DefWindowProcA 75CABB1C 7 Bytes JMP 6AD79525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CreateWindowExA 75CABF40 5 Bytes JMP 6AD8335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 6ADB2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CreateWindowExW 75CAEC7C 5 Bytes JMP 6ADDFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000801F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!GetKeyState 75CB2B4D 5 Bytes JMP 6AD5DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!IsDialogMessageW 75CB4104 5 Bytes JMP 6AF06EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!DefWindowProcW 75CB507D 7 Bytes JMP 6ADD7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CreateDialogParamA 75CC1F42 5 Bytes JMP 6AF06740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!IsDialogMessage 75CC2019 5 Bytes JMP 6AF06EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!DialogBoxParamW 75CC3B9B 5 Bytes JMP 6AD1170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CreateDialogIndirectParamA 75CC721D 5 Bytes JMP 6AF067B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CreateDialogIndirectParamW 75CCEA10 5 Bytes JMP 6AF067E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!DialogBoxIndirectParamW 75CD3B7F 5 Bytes JMP 6AF0640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!EndDialog 75CD3BA3 5 Bytes JMP 6AF07189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!CreateDialogParamW 75CD5630 5 Bytes JMP 6AF06778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!SetKeyboardState 75CD695A 5 Bytes JMP 6AF077A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00080600
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!SendInput 75CD7019 5 Bytes JMP 6AF0774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!SetCursorPos 75CEC1B0 5 Bytes JMP 6AF07826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!DialogBoxParamA 75CECF42 5 Bytes JMP 6AF063A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!DialogBoxIndirectParamA 75CED274 5 Bytes JMP 6AF06473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!MessageBoxIndirectA 75CFE869 5 Bytes JMP 6AF06330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!MessageBoxIndirectW 75CFE963 5 Bytes JMP 6AF062B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!MessageBoxExA 75CFE9C9 5 Bytes JMP 6AF06253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!MessageBoxExW 75CFE9ED 5 Bytes JMP 6AF061EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] USER32.dll!keybd_event 75CFEC3B 5 Bytes JMP 6AF0770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] SHELL32.dll!RealDriveType + 173D 75E6FDD0 4 Bytes [CF, 01, C2, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] SHELL32.dll!RealDriveType + 1745 75E6FDD8 8 Bytes [E0, 61, C1, 66, 79, F7, C1, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2936] ole32.dll!OleLoadFromStream 76AB6143 5 Bytes JMP 6AF06BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\System32\rundll32.exe[2960] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[2960] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2960] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00090A08
.text C:\Windows\System32\rundll32.exe[2960] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000903FC
.text C:\Windows\System32\rundll32.exe[2960] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00090804
.text C:\Windows\System32\rundll32.exe[2960] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000901F8
.text C:\Windows\System32\rundll32.exe[2960] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3004] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00170600
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3032] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\AUDIODG.EXE[3036] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\VERIZONDM\bin\sprtsvc.exe[3072] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[3104] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3104] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3104] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00210A08
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002103FC
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00210804
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002101F8
.text C:\Program Files\VERIZONDM\bin\tgsrvc.exe[3212] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00210600
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[3232] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002F03FC
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 002F0804
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[3252] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[3304] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[3324] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3356] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000701F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001003FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00100804
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[3408] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3524] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00300A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 003003FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00300804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 003001F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3580] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00300600
.text C:\Windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[4016] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[4048] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[4048] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[4048] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[4048] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00200A08
.text C:\Windows\system32\igfxsrvc.exe[4048] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002003FC
.text C:\Windows\system32\igfxsrvc.exe[4048] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00200804
.text C:\Windows\system32\igfxsrvc.exe[4048] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002001F8
.text C:\Windows\system32\igfxsrvc.exe[4048] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\hkcmd.exe[4064] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[4064] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[4064] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[4064] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[4064] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[4064] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[4064] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\hkcmd.exe[4064] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00190600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001903FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00190804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001901F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4076] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4124] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001A0600
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00110A08
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001103FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00110804
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001101F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[4272] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00110600
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 000A0A08
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe[4308] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 000A0600
.text C:\Windows\system32\igfxext.exe[4384] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxext.exe[4384] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxext.exe[4384] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\igfxext.exe[4384] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxext.exe[4384] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxext.exe[4384] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxext.exe[4384] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxext.exe[4384] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001103FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00110804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001101F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4424] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00110600
.text C:\Windows\System32\rundll32.exe[4432] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[4432] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[4432] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[4432] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\rundll32.exe[4432] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001003FC
.text C:\Windows\System32\rundll32.exe[4432] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00100804
.text C:\Windows\System32\rundll32.exe[4432] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\rundll32.exe[4432] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[4464] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[4464] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[4464] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 003A0A08
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 003A03FC
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 003A0804
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 003A01F8
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4476] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 003A0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] kernel32.dll!CreateThread 76DBDCC2 5 Bytes JMP 6AD772FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!EnableWindow 75CA8D02 5 Bytes JMP 6ADB9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!GetAsyncKeyState 75CAA256 5 Bytes JMP 6AD5DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CallNextHookEx 75CAABE1 5 Bytes JMP 6ADD7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 6ADFEB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!DefWindowProcA 75CABB1C 7 Bytes JMP 6AD79525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CreateWindowExA 75CABF40 5 Bytes JMP 6AD8335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 6ADB2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CreateWindowExW 75CAEC7C 5 Bytes JMP 6ADDFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!GetKeyState 75CB2B4D 5 Bytes JMP 6AD5DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!IsDialogMessageW 75CB4104 5 Bytes JMP 6AF06EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!DefWindowProcW 75CB507D 7 Bytes JMP 6ADD7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CreateDialogParamA 75CC1F42 5 Bytes JMP 6AF06740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!IsDialogMessage 75CC2019 5 Bytes JMP 6AF06EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!DialogBoxParamW 75CC3B9B 5 Bytes JMP 6AD1170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CreateDialogIndirectParamA 75CC721D 5 Bytes JMP 6AF067B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CreateDialogIndirectParamW 75CCEA10 5 Bytes JMP 6AF067E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!DialogBoxIndirectParamW 75CD3B7F 5 Bytes JMP 6AF0640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!EndDialog 75CD3BA3 5 Bytes JMP 6AF07189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!CreateDialogParamW 75CD5630 5 Bytes JMP 6AF06778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!SetKeyboardState 75CD695A 5 Bytes JMP 6AF077A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!SendInput 75CD7019 5 Bytes JMP 6AF0774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!SetCursorPos 75CEC1B0 5 Bytes JMP 6AF07826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!DialogBoxParamA 75CECF42 5 Bytes JMP 6AF063A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!DialogBoxIndirectParamA 75CED274 5 Bytes JMP 6AF06473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!MessageBoxIndirectA 75CFE869 5 Bytes JMP 6AF06330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!MessageBoxIndirectW 75CFE963 5 Bytes JMP 6AF062B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!MessageBoxExA 75CFE9C9 5 Bytes JMP 6AF06253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!MessageBoxExW 75CFE9ED 5 Bytes JMP 6AF061EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] USER32.dll!keybd_event 75CFEC3B 5 Bytes JMP 6AF0770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] SHELL32.dll!RealDriveType + 173D 75E6FDD0 4 Bytes [CF, 01, C2, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] SHELL32.dll!RealDriveType + 1745 75E6FDD8 8 Bytes [E0, 61, C1, 66, 79, F7, C1, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4496] ole32.dll!OleLoadFromStream 76AB6143 5 Bytes JMP 6AF06BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 002E0A08
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002E03FC
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 002E0804
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002E01F8
.text C:\Program Files\Digital Line Detect\DLG.exe[4516] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 002E0600
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 003A0A08
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 003A03FC
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 003A0804
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 003A01F8
.text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4772] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 003A0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00100804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4824] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!EnableWindow 75CA8D02 5 Bytes JMP 6ADB9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxParamW 75CC3B9B 5 Bytes JMP 6AD1170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxIndirectParamW 75CD3B7F 5 Bytes JMP 6AF0640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxParamA 75CECF42 5 Bytes JMP 6AF063A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!DialogBoxIndirectParamA 75CED274 5 Bytes JMP 6AF06473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxIndirectA 75CFE869 5 Bytes JMP 6AF06330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxIndirectW 75CFE963 5 Bytes JMP 6AF062B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxExA 75CFE9C9 5 Bytes JMP 6AF06253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4836] USER32.dll!MessageBoxExW 75CFE9ED 5 Bytes JMP 6AF061EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 000703FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 000701F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 000903FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00090804
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe[4904] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001601F8
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 002003FC
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 00200804
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[4992] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 00200600
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] ntdll.dll!LdrUnloadDll 7704C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] ntdll.dll!LdrLoadDll 7705223E 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] kernel32.dll!CreateThread 76DBDCC2 5 Bytes JMP 6AD772FB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] kernel32.dll!GetBinaryTypeW + 70 76DD69F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!EnableWindow 75CA8D02 5 Bytes JMP 6ADB9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!GetAsyncKeyState 75CAA256 5 Bytes JMP 6AD5DD9D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CallNextHookEx 75CAABE1 5 Bytes JMP 6ADD7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!UnhookWindowsHookEx 75CAADF9 5 Bytes JMP 6ADFEB10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!UnhookWinEvent 75CAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DefWindowProcA 75CABB1C 7 Bytes JMP 6AD79525 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateWindowExA 75CABF40 5 Bytes JMP 6AD8335B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetWindowsHookExW 75CAE30C 5 Bytes JMP 6ADB2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateWindowExW 75CAEC7C 5 Bytes JMP 6ADDFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetWinEventHook 75CB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!GetKeyState 75CB2B4D 5 Bytes JMP 6AD5DC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!IsDialogMessageW 75CB4104 5 Bytes JMP 6AF06EDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DefWindowProcW 75CB507D 7 Bytes JMP 6ADD7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateDialogParamA 75CC1F42 5 Bytes JMP 6AF06740 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!IsDialogMessage 75CC2019 5 Bytes JMP 6AF06EB5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxParamW 75CC3B9B 5 Bytes JMP 6AD1170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateDialogIndirectParamA 75CC721D 5 Bytes JMP 6AF067B0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateDialogIndirectParamW 75CCEA10 5 Bytes JMP 6AF067E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxIndirectParamW 75CD3B7F 5 Bytes JMP 6AF0640E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!EndDialog 75CD3BA3 5 Bytes JMP 6AF07189 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateDialogParamW 75CD5630 5 Bytes JMP 6AF06778 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetKeyboardState 75CD695A 5 Bytes JMP 6AF077A5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetWindowsHookExA 75CD6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SendInput 75CD7019 5 Bytes JMP 6AF0774D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetCursorPos 75CEC1B0 5 Bytes JMP 6AF07826 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxParamA 75CECF42 5 Bytes JMP 6AF063A9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxIndirectParamA 75CED274 5 Bytes JMP 6AF06473 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxIndirectA 75CFE869 5 Bytes JMP 6AF06330 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxIndirectW 75CFE963 5 Bytes JMP 6AF062B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxExA 75CFE9C9 5 Bytes JMP 6AF06253 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxExW 75CFE9ED 5 Bytes JMP 6AF061EF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!keybd_event 75CFEC3B 5 Bytes JMP 6AF0770A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] SHELL32.dll!RealDriveType + 173D 75E6FDD0 4 Bytes [CF, 01, C2, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] SHELL32.dll!RealDriveType + 1745 75E6FDD8 8 Bytes [E0, 61, C1, 66, 79, F7, C1, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5840] ole32.dll!OleLoadFromStream 76AB6143 5 Bytes JMP 6AF06BE7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\BTHUSB \Device\0000008a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3aef4913
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3aef4913 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107\dds.scr_{750670a3-ad2c-11e1-b05f-001f3aef4913} 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107\PEV.DAT_{750670b9-ad2c-11e1-b05f-001f3aef4913} 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107\PEV.DAT_{750670be-ad2c-11e1-b05f-001f3aef4913} 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107\PEV.DAT_{750670c3-ad2c-11e1-b05f-001f3aef4913} 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107\PEV.DAT_{750670e6-ad2c-11e1-b05f-001f3aef4913} 0 bytes
File C:\avast! sandbox\S-1-5-21-2830950596-55948969-1931547583-1000\r107\PEV.DAT_{750670fa-ad2c-11e1-b05f-001f3aef4913} 0 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 9216 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{750670a5-ad2c-11e1-b05f-001f3aef4913}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{750670a5-ad2c-11e1-b05f-001f3aef4913}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{750670a5-ad2c-11e1-b05f-001f3aef4913}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{750670ab-ad2c-11e1-b05f-001f3aef4913}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{750670ab-ad2c-11e1-b05f-001f3aef4913}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{750670ab-ad2c-11e1-b05f-001f3aef4913}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\Users\Keith Roehner\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3SGUP48.txt 580 bytes

---- EOF - GMER 1.0.15 ----

#4 M-K-D-B

  • Malware Response Team

Posted 04 June 2012 - 07:21 AM

Hi depcdivr,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
M-K-D-B

#5 M-K-D-B

  • Malware Response Team

Posted 05 June 2012 - 04:37 AM

Hi depcdivr,


Welcome to BleepingComputer.

My name is M-K-D-B and I'll help you with the cleanup of your computer.

Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Step 1
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.





Step 2
I would like you to answer the following questions as exactly and in as much detail as you can:
  • How is your computer running at the moment?
  • Are you still being redirected after ComboFix has been run?





What you should post with your next answer:
  • the logfile from ComboFix,
  • an answer to my questions.

Regards,
M-K-D-B

#6 depcdivr

  • Topic Starter

Posted 06 June 2012 - 08:00 AM

I would like you to answer the following questions as exactly and in as much detail as you can:
• How is your computer running at the moment?

After ComboFix ran, it deleted IE. It rebooted the computer. Afterwards I tried running IE and it said the registry was deleted. I rebooted again and then IE worked.

• Are you still being redirected after ComboFix has been run?

I am not being redirected anymore, but it is taking a very long time to load the link from Google. Sometimes I have to click on the link twice before it will connect me.

Here is the ComboFix log:

ComboFix 12-06-05.04 - Keith Roehner 06/06/2012 7:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3046.1619 [GMT -4:00]
Running from: c:\users\Keith Roehner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Keith Roehner\AppData\Local\Apps\Adobe\hkkihc.dll
c:\users\Keith Roehner\AppData\Local\Temp\{502AD6E2-F90D-4627-805C-D4E9F6EF8D63}\fpb.tmp
c:\users\Keith Roehner\g2mdlhlpx.exe
c:\users\KEITHR~1\AppData\Local\Temp\{502AD6E2-F90D-4627-805C-D4E9F6EF8D63}\fpb.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 11:50 . 2012-06-06 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 11:38 . 2012-06-06 11:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74059ADD-9641-477A-B3E2-7491AC6605A8}\offreg.dll
2012-06-05 14:24 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74059ADD-9641-477A-B3E2-7491AC6605A8}\mpengine.dll
2012-06-03 03:09 . 2012-06-03 03:09 -------- d-----w- c:\users\Keith Roehner\AppData\Roaming\Malwarebytes
2012-06-03 03:09 . 2012-06-03 03:09 -------- d-----w- c:\programdata\Malwarebytes
2012-06-03 03:09 . 2012-06-03 03:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 03:09 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-09 10:06 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 10:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 10:06 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 10:06 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 10:06 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 10:06 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 10:06 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 10:06 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 10:05 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 10:05 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 22:12 . 2010-09-29 18:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-21 22:12 . 2010-09-29 18:02 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-21 22:12 . 2010-09-29 18:02 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-21 22:12 . 2010-09-29 18:02 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-05 14:39 . 2012-04-01 13:22 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:39 . 2011-05-20 12:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 14:35 . 2011-08-01 16:58 17816 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-07 21:53 1491920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DDNIUser"="c:\program files\DDNI\SBITS\DDNIUSER.EXE" [2007-09-28 227816]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-09 536576]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"SignIn"="c:\program files\Microsoft Online Services\Sign In\SignIn.exe" [2009-11-24 1734512]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-07 399312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-08-12 82256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Keith Roehner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-9-27 50688]
LenovoRegistration.lnk - c:\swtools\LenovoWelcome\LenovoRegistration.cmd [2007-10-4 166]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-08-25 132456]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2011-09-02 23608]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 19456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 usb2ser64;usb2ser64;c:\windows\system32\DRIVERS\usb2ser64.sys [2010-10-29 52216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-28 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-09-06 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-09-06 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-09-06 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-09-06 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-09-06 25704]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-08-25 24304]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 DDNIOEMService;DDNIOEMService;c:\program files\DDNI\SBITS\DDNIOEMService.exe [2007-09-28 162280]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-05-21 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 1589152]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCDD
*Deregistered* - smihlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 14:39]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 13:25]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.simcona.com/i/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: key.com\accounts
Trusted Zone: key.com\www
TCP: DhcpNameServer = 192.168.11.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe - c:\users\Keith Roehner\AppData\Local\Apps\Adobe\hkkihc.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5368)
c:\windows\system32\btmmhook.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkPad\Bluetooth Software\BtStackServer.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-06-06 08:01:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-06 12:01
.
Pre-Run: 41,681,666,048 bytes free
Post-Run: 42,485,141,504 bytes free
.
- - End Of File - - D1A696C7CA3917E31B43AB8029C5308F
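
The Run-key values and the "ORPHANS REMOVED" section of a ComboFix log like the one above can be triaged mechanically. This is an added example, not part of the original post and not ComboFix's own logic; the function names and the three heuristics (user-writable path, DLL target, orphan listing) are assumptions for illustration, and a hit means "review this entry", not a verdict.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-08-25 894312]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe - c:\users\Keith Roehner\AppData\Local\Apps\Adobe\hkkihc.dll
'''

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r'^(?P<hive>HK\w+)-Run-(?P<name>.+?) - (?P<path>.+)$')
# Assumed heuristic: directories a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

class Autorun(NamedTuple):
    source: str
    name: str
    path: str

def parse_autoruns(log):
    """Collect Run-key values and removed orphans, tracking the current section."""
    entries, section = [], ""
    for line in map(str.strip, log.splitlines()):
        if line.startswith("[HK") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "ORPHANS REMOVED" in line:
            section = "orphans"
        elif section == "orphans" and (m := ORPHAN.match(line)):
            entries.append(Autorun(m["hive"] + " Run (orphan)", m["name"], m["path"]))
        elif section.endswith(r"\currentversion\run") and (m := RUN_VALUE.match(line)):
            entries.append(Autorun(section, m["name"], m["path"]))
    return entries

def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    path, reasons = entry.path.lower(), []
    if any(part in path for part in USER_WRITABLE):
        reasons.append("target in a user-writable directory")
    if path.endswith(".dll"):
        reasons.append("autorun target is a DLL, not an executable")
    if entry.source.endswith("(orphan)"):
        reasons.append("listed under ORPHANS REMOVED")
    return reasons

def review_queue(log):
    """Entries with at least one reason, most reasons first."""
    hits = [(e.name, triage(e)) for e in parse_autoruns(log)]
    return sorted((h for h in hits if h[1]), key=lambda h: -len(h[1]))
```

On the sample lines, the vendor DLL under Program Files trips only one heuristic while the removed HKCU entry trips all three, which is why the reasons are counted rather than treated individually.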

#7 depcdivr

depcdivr
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:28 AM

Posted 06 June 2012 - 04:25 PM

Been using it today and the redirect issue has been fixed. The slow connection must have been my wireless connection when I was at the hotel. When I switched to a different location it worked perfectly fine. Thank you for all of your assistance. You can consider this issue resolved. Thank you.

#8 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:03:28 PM

Posted 08 June 2012 - 04:32 AM

Hi depcdivr,



To confirm that all is well and we haven't overlooked any residual infection that might still be present, a few more steps are necessary.
I would be very happy if you can stay with me for further analysis.
Thank you! :)




Step 1
  • Please start Malwarebytes' Anti-Malware.
  • Click on the Update tab and download the newest definitions updates.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.





Step 2
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.





Step 3
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





Step 4
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





What you should post with your next answer:
  • the logfile from MBAM,
  • the logfile from ESET Online Scanner,
  • the logfile from SecurityCheck.

Regards,
M-K-D-B

#9 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,598 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:03:28 PM

Posted 11 June 2012 - 11:48 PM

Hi depcdivr,


Do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:28 AM

Posted 14 June 2012 - 09:01 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



