
Applications freezing during startup

Discussion in 'Virus & Other Malware Removal' started by gillivt, Jun 23, 2012.

  1. gillivt

    gillivt Thread Starter

    Joined:
    Jun 22, 2012
    Messages:
    2
    Problem Description:

    A few days ago my laptop started to behave erratically:-
    • sometimes slow to boot
    • application startup slow
    • some applications fail to run
    • Malwarebytes freezes on updates at 100% and update window doesn't close
    • cannot install certain programs, e.g. Revo Uninstaller
    When an application fails to run or freezes during startup, then all other programs will also fail (e.g. Internet Explorer) until a reboot has been done. Neither Malwarebytes nor avast show any viruses.

    I am not sure if my problem is virus/spyware related or Windows is corrupt.

    Thanks for any assistance,

    Terry

    Tech Details Below:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2939 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1341 Mb
    Hard Drives: C: Total - 305142 MB, Free - 105131 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: avast! Antivirus, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:53:39, on 22/06/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Users\terry\Desktop\OTL.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = MrTaxSoftware;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)
    R3 - URLSearchHook: (no name) - {8040829d-1177-46e2-9157-8282438b79c7} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
    O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
    O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
    O4 - HKLM\..\Run: [AVSFirewall] C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avsantispamlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avsantispamlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avsantispamlsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AVSFirewall Service (AVSFirewallService) - Online Media Technologies Ltd. - C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe
    O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
    --
    End of file - 11054 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by terry at 11:55:10 on 2012-06-22
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2940.1392 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
    C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = MrTaxSoftware;<local>
    uURLSearchHooks: H - No File
    uURLSearchHooks: N/A: {8040829d-1177-46e2-9157-8282438b79c7} -
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {124D001A-BDCB-472F-AA59-BBE7E4BC3204} - No File
    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
    mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
    mRun: [AVSFirewall] c:\program files\avs4you\avsfirewall\AVSFirewall.exe
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mPolicies-explorer: NoAutorun = 2 (0x2)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\AVSAntiSpamLSP.dll
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A37EBBE3-2C43-43B5-8E1A-62ED898666D2} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A37EBBE3-2C43-43B5-8E1A-62ED898666D2}\1637862697966716E686F656 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{A37EBBE3-2C43-43B5-8E1A-62ED898666D2}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{A37EBBE3-2C43-43B5-8E1A-62ED898666D2}\3596475636F6D6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{A37EBBE3-2C43-43B5-8E1A-62ED898666D2}\4586560205C6F6577686021437862697 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{DB7A45B7-A7A7-4AFB-B07C-7EF1A5B046FA} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\terry\appdata\roaming\mozilla\firefox\profiles\yae6lcx6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?q=
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\mywebface_5a\bar\1.bin\NP5aStub.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=220512_53all
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 9ce5eed7000000000000001e3390b2e2
    FF - user.js: extensions.BabylonToolbar_i.hardId - 9ce5eed7000000000000001e3390b2e2
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15490
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:10:06
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-5-21 50312]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-5-21 42120]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-3-29 16024]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-21 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-21 337880]
    R1 AVSRegMonDrv;AVSRegMonDrv;c:\program files\avs4you\avsfirewall\AVSRegMonDrv.sys [2012-6-15 17992]
    R1 AVSTDIFilterDrv;AVSTDIFilterDrv;c:\program files\avs4you\avsfirewall\AVSTDIFilterDrv.sys [2012-6-15 24648]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-26 232512]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-5-21 17032]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-5-21 187016]
    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-21 223864]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-21 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-21 57688]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-29 44768]
    R2 AVSFirewallService;AVSFirewall Service;c:\program files\avs4you\avsfirewall\AVSFirewallService.exe [2012-6-15 80456]
    R2 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 8\DfSdkS.exe [2011-11-25 406016]
    R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2012-5-21 70280]
    R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-5-21 24712]
    R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-3-29 224920]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-6-19 838136]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-6-19 166528]
    R2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\terry\appdata\local\microsoft\windows sidebar\gadgets\intelcoreseries25.gadget\WinRing0.sys [2012-6-2 14416]
    R3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-6-15 23624]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-19 1153368]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-6-19 1122296]
    S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-6-15 23624]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2012-1-17 16640]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-8-26 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-8-26 8456]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-19 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-22 40776]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-25 129976]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-4-1 67400]
    S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2011-6-4 155264]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-6-18 20080]
    S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2012-3-29 47256]
    S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2012-3-29 12952]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-25 15872]
    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-25 52224]
    S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2012-3-15 12800]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2011-1-18 54144]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-27 1343400]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-23 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-23 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-23 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-23 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-23 25704]
    S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-10 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-10 135664]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
    S4 RsFx0151;RsFx0151 Driver;c:\windows\system32\drivers\RsFx0151.sys [2011-6-17 240736]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-6-17 370016]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    S4 WO_LiveService;Ashampoo LiveTuner Service;c:\program files\ashampoo\ashampoo winoptimizer 8\LiveTunerService.exe [2011-11-25 885160]
    .
    =============== Created Last 30 ================
    .
    2012-06-22 08:19:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-06-22 00:51:04 -------- d-----w- c:\program files\MSXML 4.0
    2012-06-21 15:43:45 388096 ----a-r- c:\users\terry\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-06-21 15:43:45 -------- d-----w- c:\program files\Trend Micro
    2012-06-21 13:31:28 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-06-21 13:29:11 -------- d-----w- c:\users\terry\appdata\local\adawarebp
    2012-06-21 13:28:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-06-21 13:28:48 -------- d-----w- c:\program files\Toolbar Cleaner
    2012-06-21 13:28:31 -------- d-----w- c:\program files\adawaretb
    2012-06-21 13:27:17 -------- d-----w- c:\users\terry\appdata\roaming\Ad-Aware Antivirus
    2012-06-21 13:20:21 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 13:19:37 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 13:19:37 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 13:04:14 -------- d-----w- c:\program files\Safer Networking
    2012-06-20 15:51:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 15:51:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-20 02:52:47 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{afbefea4-eaf1-4d51-a301-83efaa4a85bd}\offreg.dll
    2012-06-20 02:51:14 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{afbefea4-eaf1-4d51-a301-83efaa4a85bd}\mpengine.dll
    2012-06-19 12:42:25 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2012-06-19 12:42:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-06-19 12:33:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-19 12:33:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-18 14:18:30 6144 ----a-w- c:\windows\system32\Microsoft.Internal.Performance.CodeMarkers.dll
    2012-06-18 12:12:02 -------- d-----w- c:\users\terry\appdata\roaming\Serif
    2012-06-18 12:01:08 83304 ----a-w- c:\windows\system32\AVSAntiSpamLSP.dll
    2012-06-18 11:23:49 -------- d-----w- c:\program files\common files\MSSoap
    2012-06-18 11:21:37 -------- d-----w- c:\program files\Serif
    2012-06-15 11:55:11 -------- d-----w- c:\users\terry\appdata\local\ElevatedDiagnostics
    2012-06-15 11:10:51 23624 ----a-w- c:\windows\system32\drivers\AVSNDISIMDriver.sys
    2012-06-15 01:24:50 -------- d-----w- c:\users\terry\appdata\local\{06473E53-7F36-44AD-99BD-C4726CB0A11D}
    2012-06-14 12:46:35 -------- d-----w- c:\users\terry\appdata\local\{6F57A138-E91C-4247-B605-964085281AA1}
    2012-06-14 12:46:05 -------- d-----w- c:\users\terry\appdata\local\{576CE8F3-D62A-40F8-8297-320E6AC81295}
    2012-06-14 12:23:14 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 12:23:14 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 12:23:14 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 12:23:12 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-06-14 12:23:12 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 12:23:05 2343936 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 12:23:01 2342400 ----a-w- c:\windows\system32\msi.dll
    2012-06-14 12:23:00 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 12:22:52 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 12:22:52 1158656 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 12:22:52 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 11:21:14 -------- d-----w- c:\users\terry\appdata\local\{E1D588CE-C9AA-48F2-8AB3-0521377D291E}
    2012-06-12 11:20:43 -------- d-----w- c:\users\terry\appdata\local\{8CCB0E2C-1CD7-4329-8D50-141E690810EB}
    2012-06-09 12:05:05 -------- d-----w- c:\users\terry\appdata\local\{9AFA9A97-82CC-49BA-9538-47ABC3960CE1}
    2012-06-08 19:17:09 -------- d-----w- c:\users\terry\appdata\local\{5F965941-7077-4094-A552-70AD2751911F}
    2012-06-08 19:16:45 -------- d-----w- c:\users\terry\appdata\local\{00C1331B-6416-4096-9E58-F27A97647A8C}
    2012-06-08 02:16:23 -------- d-----w- c:\users\terry\appdata\local\{AC189125-1A32-4973-9FF9-7E9C8D62F790}
    2012-06-08 02:16:09 -------- d-----w- c:\users\terry\appdata\local\{18754F94-5B14-4AD2-BF7D-B6B0FB78F635}
    2012-06-06 14:20:35 -------- d-----w- c:\users\terry\.eclipse
    2012-06-06 14:18:09 -------- d-----w- c:\program files\eclipse
    2012-06-02 11:55:16 -------- d-----w- c:\users\terry\appdata\local\APN
    2012-06-02 11:42:52 -------- d-----w- c:\users\terry\appdata\local\{E8EF1B39-AB34-4EC5-9DAD-868EC6C55ED0}
    2012-06-02 11:42:26 -------- d-----w- c:\users\terry\appdata\local\{A20F273A-6078-4712-9C0C-4F4CAA62345E}
    2012-06-01 12:29:31 -------- d-----w- c:\users\terry\appdata\local\{FAE4252A-63F7-4C43-B4E8-692BCE718C86}
    2012-06-01 12:29:08 -------- d-----w- c:\users\terry\appdata\local\{6CB6A5ED-6A0F-4BFE-8C4B-F09134D3BB8C}
    2012-06-01 00:09:50 -------- d-----w- c:\users\terry\appdata\local\{AD8D3BA8-A1EA-41B3-A30D-90678A302B0D}
    2012-05-31 12:19:44 -------- d-----w- c:\program files\VB Converter
    2012-05-30 12:03:42 -------- d-----w- c:\users\terry\appdata\roaming\YourFileDownloader
    2012-05-30 11:46:18 -------- d-----w- c:\users\terry\appdata\local\Ilivid Player
    2012-05-29 16:20:31 -------- d-----w- c:\program files\Oracle
    2012-05-29 16:14:06 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-05-29 15:11:56 -------- d-----w- c:\program files\shortcuts
    2012-05-29 11:02:31 -------- d-----w- c:\users\terry\appdata\local\Apple Computer
    2012-05-29 11:01:25 -------- d-----w- c:\users\terry\appdata\local\Apple
    2012-05-29 10:16:23 -------- d-----w- c:\users\terry\appdata\local\{529E1F41-C238-447C-A99A-E4714EA18157}
    2012-05-29 10:13:30 -------- d-----w- c:\users\terry\appdata\local\{0A9A2091-A4A1-4B89-A05F-42422A2D2343}
    2012-05-28 16:21:43 -------- d-----w- C:\Casino
    2012-05-28 16:15:18 -------- d-----w- c:\users\terry\appdata\roaming\RBotPlus
    2012-05-28 16:15:01 -------- d-----w- c:\program files\RBPlus
    2012-05-28 12:45:51 -------- d-----w- c:\users\terry\appdata\local\{40274F13-8F76-4FD4-AA8C-3B281FA22957}
    2012-05-28 12:44:54 -------- d-----w- c:\users\terry\appdata\local\{BB8B5CC7-F639-4C36-B7D9-470B861B81EF}
    2012-05-25 12:43:42 -------- d-----w- c:\users\terry\android-sdks
    2012-05-25 12:17:39 -------- d-----w- c:\users\terry\workspace
    2012-05-25 09:20:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-25 09:19:59 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-05-25 09:19:59 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-05-25 05:16:36 -------- d-----w- c:\users\terry\appdata\local\NuGet
    2012-05-24 17:29:51 -------- d-----w- c:\users\terry\.android
    2012-05-24 17:29:33 -------- d-----w- c:\program files\Android
    2012-05-24 16:58:36 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2012-05-24 16:57:52 -------- d-----w- c:\program files\Microsoft Expression
    2012-05-24 16:57:42 -------- d-----w- c:\program files\WPF Toolkit
    2012-05-24 16:50:56 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2012-05-24 16:50:56 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2012-05-24 16:50:56 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2012-05-24 16:50:55 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2012-05-24 16:50:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2012-05-24 16:50:53 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
    2012-05-24 16:49:19 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2012-05-24 16:48:09 -------- d-----w- c:\windows\system32\xlive
    2012-05-24 16:48:07 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2012-05-24 16:47:29 -------- d-----w- c:\program files\Microsoft XNA
    2012-05-24 16:41:31 204224 ----a-w- c:\programdata\microsoft\vpdexpress\10.0\1033\ResourceCache.dll
    2012-05-24 16:25:53 -------- d-----w- c:\program files\Microsoft XDE
    2012-05-24 16:25:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2012-05-24 15:59:41 -------- d-----w- c:\users\terry\appdata\roaming\NuGet
    2012-05-24 15:46:31 -------- d-----w- c:\program files\NuGet 1.6
    2012-05-24 15:26:05 -------- d-----w- c:\programdata\Package Cache
    2012-05-24 13:39:13 -------- d-----w- c:\users\terry\appdata\roaming\CellularEmulator
    2012-05-24 12:25:26 -------- d-----w- c:\program files\Windows Mobile 6 SDK
    2012-05-24 12:06:02 -------- d-----w- c:\program files\Microsoft Device Emulator
    2012-05-24 11:56:23 -------- d-----w- C:\WebAppToolkitMobileVS2010
    .
    ==================== Find3M ====================
    .
    2012-05-21 13:55:49 305664 --sha-w- C:\EUMONBMP.SYS
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-03 16:52:08 20616 ----a-w- c:\windows\system32\fbnative.exe
    2012-05-03 16:52:02 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2012-05-03 16:52:00 42120 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2012-05-03 16:51:54 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2012-05-03 16:51:52 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2012-04-04 17:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 13:51:52 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
    2012-03-29 13:51:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
    2012-03-29 13:51:36 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys
    .
    ============= FINISH: 11:56:47.20 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-22 13:19:07
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVS-26VAT0 rev.11.01A11
    Running: hxmd2f0t.exe; Driver: C:\Users\terry\AppData\Local\Temp\fgloipob.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EA99DF8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9375CA5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8EA9A85E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EA9F2E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EA9F330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EA9F422]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EA9F252]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8EA9F374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EA9F29A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EA9F3DC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EA99E44]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9375CB34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8EA99AD6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EA99E90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EA9CD1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EA9AB02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EA9F30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EA9F352]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EA9F446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EA9F278]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EA9F3AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EA9F2C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EA9F400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9375CCA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EA9A9CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EA99EDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EA99F28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EA99B46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EA99CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EA99C92]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EA99D5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9375CD60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EA99F74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9375CBE0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x93772D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C593C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C92D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C99D80 4 Bytes [F8, 9D, A9, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C99DA8 4 Bytes [5A, CA, 75, 93] {POP EDX; RETF 0x9375}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C99E08 4 Bytes [5E, A8, A9, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C99E5C 8 Bytes [E4, F2, A9, 8E, 30, F3, A9, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C99E68 4 Bytes [22, F4, A9, 8E]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E26C64 5 Bytes JMP 9376FC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 82E3F290 5 Bytes JMP 93771764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E543D7 4 Bytes CALL 8EA9B1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E6E1E0 4 Bytes CALL 8EA9B1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EF811A 7 Bytes JMP 93772D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFntCacheLookUp + 8B1B 9B1C01C5 5 Bytes JMP 8EA9D536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateRectRgn + 3819 9B1D4292 5 Bytes JMP 8EA9D67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetGammaTable + 310 9B1F0BBD 5 Bytes JMP 8EA9E0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetGammaTable + 4C63 9B1F5510 5 Bytes JMP 8EA9CF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetGammaTable + 60B0 9B1F695D 5 Bytes JMP 8EA9E2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetGammaTable + BE11 9B1FC6BE 5 Bytes JMP 8EA9D70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetGammaTable + C060 9B1FC90D 5 Bytes JMP 8EA9D7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 650 9B2163C5 5 Bytes JMP 8EA9CD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 70E 9B216483 5 Bytes JMP 8EA9D724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 38FE 9B219673 5 Bytes JMP 8EA9CE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 39BC 9B219731 5 Bytes JMP 8EA9CE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EDC 9B21DDA7 5 Bytes JMP 8EA9D562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2B26 9B2277F9 5 Bytes JMP 8EA9D384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + ACDC 9B22F9AF 5 Bytes JMP 8EA9CFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 14F8D 9B239C60 5 Bytes JMP 8EA9DF8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 5066 9B2513BE 5 Bytes JMP 8EA9E036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngBitBlt + 42AA 9B25ED91 5 Bytes JMP 8EA9E4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnlockSurface + B265 9B274624 5 Bytes JMP 8EA9E07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnlockSurface + CC24 9B275FE3 5 Bytes JMP 8EA9F544 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteClip + 480C 9B286E88 5 Bytes JMP 8EA9CF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEqualRgn + 41B2 9B294E1C 5 Bytes JMP 8EA9D2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEqualRgn + B3FE 9B29C068 5 Bytes JMP 8EA9E3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteRgn + 2198 9B2B2E17 5 Bytes JMP 8EA9D1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 8671 9B2D3F49 5 Bytes JMP 8EA9E450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_vGetBounds + 2EC6 9B2EBF2B 5 Bytes JMP 8EA9E232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_vGetBounds + 3457 9B2EC4BC 5 Bytes JMP 8EA9D0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_vGetBounds + 6545 9B2EF5AA 5 Bytes JMP 8EA9D73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_vGetBounds + 968D 9B2F26F2 5 Bytes JMP 8EA9D104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_vGetBounds + BF58 9B2F4FBD 5 Bytes JMP 8EA9D7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetCurrentGamma + 640F 9B30116E 5 Bytes JMP 8EA9D248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text peauth.sys BCE0EC9D 28 Bytes [CF, AE, E9, DB, F6, F9, 57, ...]
    .text peauth.sys BCE0ECC1 28 Bytes [CF, AE, E9, DB, F6, F9, 57, ...]
    ? C:\Users\terry\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    .text ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes [E9, 89, 3B, 1C, 89] {JMP 0xffffffff891c3b8e}
    .text ntdll.dll!LdrLoadDll 76FA223E 5 Bytes [E9, B5, DF, 1B, 89] {JMP 0xffffffff891bdfba}
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00210A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002103FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00210804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002101F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[480] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00210600
    .text C:\Windows\system32\SearchIndexer.exe[484] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchIndexer.exe[484] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchIndexer.exe[484] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[484] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00090A08
    .text C:\Windows\system32\SearchIndexer.exe[484] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000903FC
    .text C:\Windows\system32\SearchIndexer.exe[484] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00090804
    .text C:\Windows\system32\SearchIndexer.exe[484] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000901F8
    .text C:\Windows\system32\SearchIndexer.exe[484] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00090600
    .text C:\Windows\system32\csrss.exe[496] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[552] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[552] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[552] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[552] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00200A08
    .text C:\Windows\system32\wininit.exe[552] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002003FC
    .text C:\Windows\system32\wininit.exe[552] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00200804
    .text C:\Windows\system32\wininit.exe[552] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002001F8
    .text C:\Windows\system32\wininit.exe[552] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00200600
    .text C:\Windows\system32\csrss.exe[564] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\vds.exe[576] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\vds.exe[576] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\vds.exe[576] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\vds.exe[576] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00080A08
    .text C:\Windows\System32\vds.exe[576] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000803FC
    .text C:\Windows\System32\vds.exe[576] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00080804
    .text C:\Windows\System32\vds.exe[576] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000801F8
    .text C:\Windows\System32\vds.exe[576] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[608] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\services.exe[608] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\services.exe[608] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe[616] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001F0600
    .text C:\Windows\system32\winlogon.exe[640] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[640] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[640] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[640] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\winlogon.exe[640] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 000C0804
    .text C:\Windows\system32\winlogon.exe[640] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\winlogon.exe[640] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 000C0600
    .text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[660] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsm.exe[660] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\lsm.exe[660] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[864] user32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00160A08
    .text C:\Windows\system32\svchost.exe[864] user32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001603FC
    .text C:\Windows\system32\svchost.exe[864] user32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00160804
    .text C:\Windows\system32\svchost.exe[864] user32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001601F8
    .text C:\Windows\system32\svchost.exe[864] user32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00160600
    .text C:\Windows\System32\svchost.exe[948] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[948] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00200A08
    .text C:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002003FC
    .text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00200804
    .text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002001F8
    .text C:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00200600
    .text C:\Windows\System32\svchost.exe[996] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[996] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001D0A08
    .text C:\Windows\System32\svchost.exe[996] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001D03FC
    .text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001D0804
    .text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001D01F8
    .text C:\Windows\System32\svchost.exe[996] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001D0600
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00BA0A08
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 00BA03FC
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00BA0804
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 00BA01F8
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00BA0600
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1184] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001F0600
    .text C:\Windows\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00440A08
    .text C:\Windows\system32\svchost.exe[1188] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 004403FC
    .text C:\Windows\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00440804
    .text C:\Windows\system32\svchost.exe[1188] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 004401F8
    .text C:\Windows\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00440600
    .text C:\Windows\system32\svchost.exe[1288] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1288] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00450A08
    .text C:\Windows\system32\svchost.exe[1288] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 004503FC
    .text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00450804
    .text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 004501F8
    .text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00450600
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1392] kernel32.dll!SetUnhandledExceptionFilter 76D4F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1392] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1624] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\spoolsv.exe[1624] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\spoolsv.exe[1624] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1624] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00100A08
    .text C:\Windows\System32\spoolsv.exe[1624] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001003FC
    .text C:\Windows\System32\spoolsv.exe[1624] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00100804
    .text C:\Windows\System32\spoolsv.exe[1624] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001001F8
    .text C:\Windows\System32\spoolsv.exe[1624] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 003D0A08
    .text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 003D03FC
    .text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 003D0804
    .text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 003D01F8
    .text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 003D0600
    .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1776] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1776] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00300A08
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 003003FC
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00300804
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 003001F8
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe[1808] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00300600
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] user32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] user32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] user32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] user32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe[1832] user32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001F0600
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1940] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001F0600
    .text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00080A08
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000803FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00080804
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000801F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[2036] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00080600
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00180A08
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001803FC
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00180804
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001801F8
    .text C:\Program Files\RocketDock\RocketDock.exe[2440] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00180600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 000A0A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000A03FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 000A0804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000A01F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2460] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 000A0600
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00180A08
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001803FC
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00180804
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001801F8
    .text C:\Program Files\Macrium\Reflect\ReflectService.exe[2520] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00180600
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00180A08
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001803FC
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00180804
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001801F8
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2644] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00180600
    .text C:\Windows\system32\svchost.exe[2664] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2664] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2664] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\AUDIODG.EXE[2704] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00100600
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001503FC
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001501F8
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 002F0A08
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002F03FC
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 002F0804
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002F01F8
    .text C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe[2776] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 002F0600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001B0A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001B03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001B0804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001B01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2920] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001B0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2928] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00100600
    .text C:\Windows\system32\taskhost.exe[2984] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskhost.exe[2984] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskhost.exe[2984] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\taskhost.exe[2984] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\taskhost.exe[2984] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\taskhost.exe[2984] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 000F0804
    .text C:\Windows\system32\taskhost.exe[2984] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\taskhost.exe[2984] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 000F0600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 003F0A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 003F03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 003F0804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 003F01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3032] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 003F0600
    .text C:\Windows\system32\Dwm.exe[3092] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\Dwm.exe[3092] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\Dwm.exe[3092] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[3092] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00230A08
    .text C:\Windows\system32\Dwm.exe[3092] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002303FC
    .text C:\Windows\system32\Dwm.exe[3092] USER32.dll!SetWindowsHookExW 7697E30C 3 Bytes JMP 00230804
    .text C:\Windows\system32\Dwm.exe[3092] USER32.dll!SetWindowsHookExW + 4 7697E310 1 Byte [89]
    .text C:\Windows\system32\Dwm.exe[3092] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002301F8
    .text C:\Windows\system32\Dwm.exe[3092] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00230600
    .text C:\Windows\Explorer.EXE[3128] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\Explorer.EXE[3128] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\Explorer.EXE[3128] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 003E0A08
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 003E03FC
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 003E0804
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 003E01F8
    .text C:\Windows\Explorer.EXE[3128] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 003E0600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 002F0A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002F03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 002F0804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002F01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[3248] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 002F0600
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3556] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\igfxtray.exe[3648] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Windows\System32\igfxtray.exe[3648] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Windows\System32\igfxtray.exe[3648] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\igfxtray.exe[3648] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00200A08
    .text C:\Windows\System32\igfxtray.exe[3648] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002003FC
    .text C:\Windows\System32\igfxtray.exe[3648] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00200804
    .text C:\Windows\System32\igfxtray.exe[3648] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002001F8
    .text C:\Windows\System32\igfxtray.exe[3648] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00200600
    .text C:\Windows\System32\hkcmd.exe[3656] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Windows\System32\hkcmd.exe[3656] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Windows\System32\hkcmd.exe[3656] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\hkcmd.exe[3656] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00190A08
    .text C:\Windows\System32\hkcmd.exe[3656] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001903FC
    .text C:\Windows\System32\hkcmd.exe[3656] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00190804
    .text C:\Windows\System32\hkcmd.exe[3656] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001901F8
    .text C:\Windows\System32\hkcmd.exe[3656] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00190600
    .text C:\Windows\System32\igfxpers.exe[3676] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Windows\System32\igfxpers.exe[3676] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Windows\System32\igfxpers.exe[3676] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\igfxpers.exe[3676] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00210A08
    .text C:\Windows\System32\igfxpers.exe[3676] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002103FC
    .text C:\Windows\System32\igfxpers.exe[3676] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00210804
    .text C:\Windows\System32\igfxpers.exe[3676] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002101F8
    .text C:\Windows\System32\igfxpers.exe[3676] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00210600
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00210A08
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002103FC
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00210804
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002101F8
    .text C:\Users\terry\Desktop\hxmd2f0t.exe[3764] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00210600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001E0A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001E03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001E0804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001E01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3840] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001E0600
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3976] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001F0600
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 001F0A08
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001F03FC
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 001F0804
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001F01F8
    .text C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe[4044] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 001F0600
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 002F0A08
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002F03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 002F0804
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002F01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4212] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 002F0600
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4376] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00100600
    .text C:\Windows\System32\svchost.exe[4424] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000A03FC
    .text C:\Windows\System32\svchost.exe[4424] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000A01F8
    .text C:\Windows\System32\svchost.exe[4424] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[4424] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00180A08
    .text C:\Windows\System32\svchost.exe[4424] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001803FC
    .text C:\Windows\System32\svchost.exe[4424] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00180804
    .text C:\Windows\System32\svchost.exe[4424] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001801F8
    .text C:\Windows\System32\svchost.exe[4424] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00180600
    .text C:\Windows\system32\svchost.exe[4456] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[4456] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[4456] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00200A08
    .text C:\Windows\system32\svchost.exe[4456] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002003FC
    .text C:\Windows\system32\svchost.exe[4456] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00200804
    .text C:\Windows\system32\svchost.exe[4456] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002001F8
    .text C:\Windows\system32\svchost.exe[4456] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00200600
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] kernel32.dll!CreateThread 76D4DCC2 5 Bytes JMP 6B0B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!EnableWindow 76978D02 5 Bytes JMP 6B0F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!CallNextHookEx 7697ABE1 5 Bytes JMP 6B117FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 6B13ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002003FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!DefWindowProcA 7697BB1C 7 Bytes JMP 6B0B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!CreateWindowExA 7697BF40 5 Bytes JMP 6B0C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 6B0F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!CreateWindowExW 7697EC7C 5 Bytes JMP 6B1203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002001F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!DefWindowProcW 7698507D 7 Bytes JMP 6B118042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!DialogBoxParamW 76993B9B 5 Bytes JMP 6B05187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!DialogBoxIndirectParamW 769A3B7F 5 Bytes JMP 6B248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00200600
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!DialogBoxParamA 769BCF42 5 Bytes JMP 6B248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!DialogBoxIndirectParamA 769BD274 5 Bytes JMP 6B248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!MessageBoxIndirectA 769CE869 5 Bytes JMP 6B248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!MessageBoxIndirectW 769CE963 5 Bytes JMP 6B248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!MessageBoxExA 769CE9C9 5 Bytes JMP 6B248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] USER32.dll!MessageBoxExW 769CE9ED 5 Bytes JMP 6B248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4764] ole32.dll!OleLoadFromStream 76DE6143 5 Bytes JMP 6B24955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Windows\system32\wuauclt.exe[5144] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\wuauclt.exe[5144] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\wuauclt.exe[5144] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\system32\wuauclt.exe[5144] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00150A08
    .text C:\Windows\system32\wuauclt.exe[5144] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001503FC
    .text C:\Windows\system32\wuauclt.exe[5144] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00150804
    .text C:\Windows\system32\wuauclt.exe[5144] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001501F8
    .text C:\Windows\system32\wuauclt.exe[5144] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00150600
    .text C:\Windows\System32\mobsync.exe[5208] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\System32\mobsync.exe[5208] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\System32\mobsync.exe[5208] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Windows\System32\mobsync.exe[5208] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 000D0A08
    .text C:\Windows\System32\mobsync.exe[5208] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000D03FC
    .text C:\Windows\System32\mobsync.exe[5208] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 000D0804
    .text C:\Windows\System32\mobsync.exe[5208] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000D01F8
    .text C:\Windows\System32\mobsync.exe[5208] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 000D0600
    .text C:\Windows\system32\svchost.exe[5256] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[5256] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[5256] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000703FC
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000701F8
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] kernel32.dll!SetUnhandledExceptionFilter 76D4F4FB 5 Bytes JMP 5F3D6376 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 000A0A08
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 000A03FC
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 000A0804
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 000A01F8
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 000A0600
    .text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5568] ole32.dll!OleLoadFromStream 76DE6143 5 Bytes JMP 5FC95530 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00100A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 001003FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00100804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 001001F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5572] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00100600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!EnableWindow 76978D02 5 Bytes JMP 6B0F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 00200A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 002003FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 00200804
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 002001F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!DialogBoxParamW 76993B9B 5 Bytes JMP 6B05187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!DialogBoxIndirectParamW 769A3B7F 5 Bytes JMP 6B248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00200600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!DialogBoxParamA 769BCF42 5 Bytes JMP 6B248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!DialogBoxIndirectParamA 769BD274 5 Bytes JMP 6B248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!MessageBoxIndirectA 769CE869 5 Bytes JMP 6B248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!MessageBoxIndirectW 769CE963 5 Bytes JMP 6B248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!MessageBoxExA 769CE9C9 5 Bytes JMP 6B248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5792] USER32.dll!MessageBoxExW 769CE9ED 5 Bytes JMP 6B248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] kernel32.dll!CreateThread 76D4DCC2 5 Bytes JMP 6B0B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] kernel32.dll!GetBinaryTypeW + 70 76D669F4 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!EnableWindow 76978D02 5 Bytes JMP 6B0F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!CallNextHookEx 7697ABE1 5 Bytes JMP 6B117FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!UnhookWindowsHookEx 7697ADF9 5 Bytes JMP 6B13ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!UnhookWinEvent 7697B750 5 Bytes JMP 003003FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DefWindowProcA 7697BB1C 7 Bytes JMP 6B0B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!CreateWindowExA 7697BF40 5 Bytes JMP 6B0C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!SetWindowsHookExW 7697E30C 5 Bytes JMP 6B0F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!CreateWindowExW 7697EC7C 5 Bytes JMP 6B1203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!SetWinEventHook 769824DC 5 Bytes JMP 003001F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DefWindowProcW 7698507D 7 Bytes JMP 6B118042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxParamW 76993B9B 5 Bytes JMP 6B05187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxIndirectParamW 769A3B7F 5 Bytes JMP 6B248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!SetWindowsHookExA 769A6D0C 5 Bytes JMP 00300600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxParamA 769BCF42 5 Bytes JMP 6B248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxIndirectParamA 769BD274 5 Bytes JMP 6B248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxIndirectA 769CE869 5 Bytes JMP 6B248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxIndirectW 769CE963 5 Bytes JMP 6B248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxExA 769CE9C9 5 Bytes JMP 6B248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxExW 769CE9ED 5 Bytes JMP 6B248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5812] ole32.dll!OleLoadFromStream 76DE6143 5 Bytes JMP 6B24955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 EUBKMON.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 EUBKMON.sys
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\RawIp AVSTDIFilterDrv.sys
    ---- Processes - GMER 1.0.15 ----
    Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [3128] 0x60160000
    Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [5792] 0x60160000
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a6f128
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a6f128 (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
     

Short URL to this thread: https://techguy.org/1058231
