
Multiple Adware and Spyware issues

Discussion in 'Virus & Other Malware Removal' started by sabba, Jan 29, 2013.

  1. sabba

    sabba Thread Starter

    Hi,

    I have adware on my system. I am not sure if there are any other problems. Please could you have a look at the following logs? I would be grateful.

    Thanks, Sabba.

    LOGS

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:39:27, on 29/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Users\sabba\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Vert...491-5625-4896-951e-b780c8db40c9&searchtype=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Vert...51e-b780c8db40c9&searchtype=ds&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\sabba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - Global Startup: E-POP.lnk = ?
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater13.3.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
    O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 11297 bytes

    DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by sabba at 18:40:12 on 2013-01-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4289 [GMT 0:00]
    .
    AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\System32\WUDFHost.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    C:\windows\system32\hkcmd.exe
    C:\windows\system32\igfxtray.exe
    C:\windows\system32\igfxpers.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    c:\program files\windows defender\MpCmdRun.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=hp
    uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=ds&q={searchTerms}
    uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=ds&q={searchTerms}
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=GB&userid=36857491-5625-4896-951e-b780c8db40c9&searchtype=ds&q={searchTerms}
    mWinlogon: Userinit = userinit.exe
    BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
    BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    uRun: [Facebook Update] "C:\Users\sabba\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\E-POP.lnk - C:\Program Files (x86)\Samsung\E-POP\E-POP.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{7175F74E-B701-42C9-B8D3-303291C51D18} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{7175F74E-B701-42C9-B8D3-303291C51D18}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\sabba\AppData\Roaming\mozilla\firefox\Profiles\1gqigqn2.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\sabba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2012-12-07 01:13; [email protected]; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\[email protected]
    FF - ExtSQL: 2012-12-07 01:29; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    FF - ExtSQL: 2012-12-30 13:28; [email protected]; C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.17
    FF - ExtSQL: 2013-01-21 18:52; {f34c9277-6577-4dff-b2d7-7d58092f272f}; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    FF - ExtSQL: 2013-01-21 19:11; [email protected]; C:\Users\sabba\AppData\Roaming\Mozilla\Firefox\Profiles\1gqigqn2.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2013-01-21 18:53; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-verti
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-3-8 25960]
    R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-12-30 30568]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-3-8 13824]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-3-8 7680]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-8 2656536]
    R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-30 894920]
    R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-11-14 84480]
    R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-14 327168]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-21 317440]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-8 471144]
    S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1340976]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-28 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    SUnknown elhkthrj;elhkthrj; [x]
    .
    =============== Created Last 30 ================
    .
    2013-01-29 18:29:18 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD88DCD4-C477-45C0-BA41-8093B751D901}\mpengine.dll
    2013-01-21 19:11:45 -------- d-----w- C:\Program Files (x86)\Yontoo
    2013-01-21 19:09:41 -------- d-----w- C:\ProgramData\BrowserProtect
    2013-01-21 19:09:26 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-01-21 19:09:23 -------- d-----w- C:\Users\sabba\AppData\Roaming\Babylon
    2013-01-21 19:09:23 -------- d-----w- C:\ProgramData\Babylon
    2013-01-21 18:52:51 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar
    2013-01-18 00:46:00 -------- d-----w- C:\ProgramData\VirtualizedApplications
    2013-01-17 15:51:05 -------- d-----w- C:\Users\sabba\AppData\Local\SoftGrid Client
    2013-01-17 15:51:03 -------- d-----w- C:\Users\sabba\AppData\Roaming\SoftGrid Client
    2013-01-17 15:49:38 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
    2013-01-17 15:49:23 -------- d-----w- C:\Users\sabba\AppData\Roaming\TP
    2013-01-15 20:49:17 -------- d-----w- C:\Users\sabba\AppData\Roaming\MotioninJoy
    2013-01-11 22:12:48 -------- d-----w- C:\Program Files\MotioninJoy
    2013-01-11 11:55:04 -------- d-----w- C:\Users\sabba\AppData\Local\CrashDumps
    2013-01-08 00:13:21 707728 ----a-w- C:\Program Files (x86)\64Uninstall TelevisionFanatic.dll
    2013-01-08 00:13:21 178720 ----a-w- C:\Program Files (x86)\64res.dll
    .
    ==================== Find3M ====================
    .
    2013-01-10 02:12:17 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 02:12:17 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-30 13:28:22 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 18:40:48.10 ===============

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/10/2012 16:11:18
    System Uptime: 29/01/2013 18:31:18 (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300E4A/300E5A/300E7A/3430EA/3530EA
    Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz | CPU | 2100/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 271 GiB total, 218.953 GiB free.
    D: is FIXED (NTFS) - 404 GiB total, 373.592 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP46: 10/01/2013 11:18:25 - Windows Update
    RP47: 15/01/2013 20:51:29 - Device Driver Package Install: www.MotioninJoy.com Microsoft Common Controller For Windows Class
    RP48: 19/01/2013 05:18:28 - Windows Update
    RP49: 28/01/2013 20:16:34 - Restore Operation
    RP50: 28/01/2013 20:54:37 - Windows Update
    RP51: 29/01/2013 03:00:10 - Windows Update
    RP53: 29/01/2013 04:11:36 - Windows Defender Checkpoint
    RP54: 29/01/2013 18:01:12 - Restore Operation
    RP55: 29/01/2013 18:27:47 - Windows Update
    RP57: 29/01/2013 18:30:26 - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Agatha Christie - Death on the Nile
    AVG 2013
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    Bejeweled 2 Deluxe
    Bing Bar
    Build-a-lot
    Chuzzle Deluxe
    CyberLink Media Suite
    CyberLink Media+ Player10
    CyberLink MediaShow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    E-POP
    Easy File Share
    Easy Migration
    Easy Settings
    Easy Software Manager
    Easy Support Center 1.0
    Facebook Video Calling 1.2.0.287
    Farm Frenzy
    Fotogalerija Windows Live
    Funmoods
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    HTC BMP USB Driver
    HTC Sync
    Insaniquarium Deluxe
    Intel PROSet Wireless
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel® PROSet/Wireless WiFi Software
    John Deere Drive Green
    Junk Mail filter update
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    Multimedia POP
    Norton Online Backup
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 268.83
    NVIDIA Install Application
    NVIDIA Optimus 1.0.23
    NVIDIA Update Components
    Peggle
    Penguins!
    Plants vs. Zombies
    PlayBryte
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Polar Golfer
    Pošta Windows Live
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    Samsung Recovery Solution 5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    SISShortcut
    Software Launcher
    SopCast 3.5.0
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    User Guide
    Visual Studio 2010 x64 Redistributables
    Wajam
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Pošta
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/01/2013 18:41:07, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    29/01/2013 18:32:28, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
    29/01/2013 18:32:28, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    29/01/2013 18:32:16, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753636.
    .
    ==== End Of File ===========================


    Ark

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-29 18:48:57
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
    Running: nul1se1b.exe; Driver: C:\Users\sabba\AppData\Local\Temp\ugloypog.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[648] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3156] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[3352] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3404] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!EnableWindow 00000000764f2da4 5 bytes JMP 000000016c4b9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007650cbf3 5 bytes JMP 000000016c608fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007650cfca 5 bytes JMP 000000016c411893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxParamA 000000007652cb0c 5 bytes JMP 000000016c608f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007652ce64 5 bytes JMP 000000016c60901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007653fbd1 5 bytes JMP 000000016c608ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007653fc9d 5 bytes JMP 000000016c608e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxExA 000000007653fcd6 5 bytes JMP 000000016c608dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\USER32.dll!MessageBoxExW 000000007653fcfa 5 bytes JMP 000000016c608d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748f93ec 5 bytes JMP 000000016c6091d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007250388e 5 bytes JMP 000000016c609080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000725a7922 5 bytes JMP 000000016c609128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4372] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016c6093c8
    ? C:\windows\system32\mssprxy.dll [4372] entry point in ".rdata" section 000000006d5071e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771825fd 6 bytes JMP 000000016c4d8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077192a63 6 bytes JMP 000000016c479805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\kernel32.dll!CreateThread 0000000074eb34b5 5 bytes JMP 000000016c4775db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000764e8a29 5 bytes JMP 000000016c4e03cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000764ed22e 5 bytes JMP 000000016c48363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!GetKeyState 00000000764f291f 5 bytes JMP 000000016c45ddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!EnableWindow 00000000764f2da4 5 bytes JMP 000000016c4b9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CallNextHookEx 00000000764f6285 5 bytes JMP 000000016c4d7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000764f7603 5 bytes JMP 000000016c4b25ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000764fb029 5 bytes JMP 000000016c609358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000764fc63e 5 bytes JMP 000000016c609390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000765050ed 5 bytes JMP 000000016c609a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076505246 5 bytes JMP 000000016c6092e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!EndDialog 000000007650b99c 5 bytes JMP 000000016c609d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!IsDialogMessageW 000000007650c701 5 bytes JMP 000000016c609a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007650cbf3 5 bytes JMP 000000016c608fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007650cfca 5 bytes JMP 000000016c411893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007650eb96 5 bytes JMP 000000016c45ded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007650f52b 5 bytes JMP 000000016c4fed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SendInput 000000007650ff4a 5 bytes JMP 000000016c60a2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!CreateDialogParamW 00000000765110dc 5 bytes JMP 000000016c609320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SetKeyboardState 00000000765114b2 5 bytes JMP 000000016c60a341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076529cfd 5 bytes JMP 000000016c60a3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxParamA 000000007652cb0c 5 bytes JMP 000000016c608f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007652ce64 5 bytes JMP 000000016c60901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007653fbd1 5 bytes JMP 000000016c608ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007653fc9d 5 bytes JMP 000000016c608e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxExA 000000007653fcd6 5 bytes JMP 000000016c608dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!MessageBoxExW 000000007653fcfa 5 bytes JMP 000000016c608d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\USER32.dll!keybd_event 00000000765402bf 5 bytes JMP 000000016c60a2a6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000075f36143 5 bytes JMP 000000016c609784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074893e59 5 bytes JMP 000000016c60987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!VariantClear 0000000074893eae 5 bytes JMP 000000016c6098fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074894731 5 bytes JMP 000000016c6097ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074895dee 5 bytes JMP 000000016c60989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748f93ec 5 bytes JMP 000000016c6091d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766b5761 5 bytes JMP 000000016cf8f983
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766b5fef 5 bytes JMP 000000016cf8fae7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007250388e 5 bytes JMP 000000016c609080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000725a7922 5 bytes JMP 000000016c609128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\comdlg32.dll!PrintDlgW 00000000749933a3 5 bytes JMP 000000016c60946c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016c6093c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\comdlg32.dll!PrintDlgA 00000000749ae8ff 5 bytes JMP 000000016c609538
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!closesocket 0000000074e63918 5 bytes JMP 000000016ce36378
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!socket 0000000074e63eb8 5 bytes JMP 000000016ce35683
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000074e64296 5 bytes JMP 000000016ce3583b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!recv 0000000074e66b0e 5 bytes JMP 000000016ce3667c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!connect 0000000074e66bdd 5 bytes JMP 000000016ce35713
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4456] C:\windows\syswow64\WS2_32.dll!send 0000000074e66f01 5 bytes JMP 000000016ce35c8e
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe[4660] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771825fd 6 bytes JMP 000000016c4d8042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077192a63 6 bytes JMP 000000016c479805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\kernel32.dll!CreateThread 0000000074eb34b5 5 bytes JMP 000000016c4775db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000764e8a29 5 bytes JMP 000000016c4e03cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000764ed22e 5 bytes JMP 000000016c48363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!GetKeyState 00000000764f291f 5 bytes JMP 000000016c45ddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!EnableWindow 00000000764f2da4 5 bytes JMP 000000016c4b9eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CallNextHookEx 00000000764f6285 5 bytes JMP 000000016c4d7fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 00000000764f7603 5 bytes JMP 000000016c4b25ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamA 00000000764fb029 5 bytes JMP 000000016c609358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000764fc63e 5 bytes JMP 000000016c609390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!IsDialogMessage 00000000765050ed 5 bytes JMP 000000016c609a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogParamA 0000000076505246 5 bytes JMP 000000016c6092e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!EndDialog 000000007650b99c 5 bytes JMP 000000016c609d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!IsDialogMessageW 000000007650c701 5 bytes JMP 000000016c609a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007650cbf3 5 bytes JMP 000000016c608fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007650cfca 5 bytes JMP 000000016c411893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007650eb96 5 bytes JMP 000000016c45ded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007650f52b 5 bytes JMP 000000016c4fed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SendInput 000000007650ff4a 5 bytes JMP 000000016c60a2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!CreateDialogParamW 00000000765110dc 5 bytes JMP 000000016c609320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SetKeyboardState 00000000765114b2 5 bytes JMP 000000016c60a341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076529cfd 5 bytes JMP 000000016c60a3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxParamA 000000007652cb0c 5 bytes JMP 000000016c608f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007652ce64 5 bytes JMP 000000016c60901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007653fbd1 5 bytes JMP 000000016c608ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007653fc9d 5 bytes JMP 000000016c608e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxExA 000000007653fcd6 5 bytes JMP 000000016c608dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!MessageBoxExW 000000007653fcfa 5 bytes JMP 000000016c608d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\USER32.dll!keybd_event 00000000765402bf 5 bytes JMP 000000016c60a2a6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\ole32.dll!OleLoadFromStream 0000000075f36143 5 bytes JMP 000000016c609784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074893e59 5 bytes JMP 000000016c60987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!VariantClear 0000000074893eae 5 bytes JMP 000000016c6098fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074894731 5 bytes JMP 000000016c6097ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074895dee 5 bytes JMP 000000016c60989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000748f93ec 5 bytes JMP 000000016c6091d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766b5761 5 bytes JMP 000000016cf8f983
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766b5fef 5 bytes JMP 000000016cf8fae7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f21401 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f21419 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f21431 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f2144a 2 bytes [F2, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f214dd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f214f5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f2150d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f21525 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f2153d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f21555 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f2156d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f21585 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f2159d 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f215b5 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f215cd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f216b2 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f216bd 2 bytes [F2, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007250388e 5 bytes JMP 000000016c609080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000725a7922 5 bytes JMP 000000016c609128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\comdlg32.dll!PrintDlgW 00000000749933a3 5 bytes JMP 000000016c60946c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000749a2694 5 bytes JMP 000000016c6093c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\comdlg32.dll!PrintDlgA 00000000749ae8ff 5 bytes JMP 000000016c609538
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!closesocket 0000000074e63918 5 bytes JMP 000000016ce36378
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!socket 0000000074e63eb8 5 bytes JMP 000000016ce35683
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000074e64296 5 bytes JMP 000000016ce3583b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!recv 0000000074e66b0e 5 bytes JMP 000000016ce3667c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!connect 0000000074e66bdd 5 bytes JMP 000000016ce35713
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[968] C:\windows\syswow64\WS2_32.dll!send 0000000074e66f01 5 bytes JMP 000000016ce35c8e
    ---- Threads - GMER 2.0 ----
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4056:3124] 000007fefafb2a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4056:3980] 000007fef8875124
    ---- Registry - GMER 2.0 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b80305a941af
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710749bd
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971179d36
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e8039a807837
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e52fba
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e9b7f3
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b80305a941af (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710749bd (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971179d36 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e8039a807837 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e52fba (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e9b7f3 (not active ControlSet)
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 unknown MBR code
    ---- EOF - GMER 2.0 ----
     

Short URL to this thread: https://techguy.org/1087412
