
Weird things happening

Discussion in 'Virus & Other Malware Removal' started by ti-gris, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. ti-gris

    ti-gris Thread Starter

    Some of the things: machine very slow; once on the internet, sites take 3 to 5 mins to open if they ever do; have to use Alt+Ctrl+Delete and click on Log Off. Updates are marked as done but they continuously ask for download (I do a restart). The service provider's main page: some of the links are missing or don't work, or I'm told to let the scripts go through, it is already; and more...

    I am sending the requested scans: HJT, DDS, GMER.

    HJT log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:26:05 AM, on 10/01/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19393)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Tigris\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    O1 - Hosts: ÿþ1
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files (x86)\WOT\WOT.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files (x86)\WOT\WOT.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
    O18 - Protocol: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files (x86)\ImpotRapide 2009\ic2009pp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files (x86)\WOT\WOT.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11192 bytes

    DDS
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.10.2
    Run by Tigris at 11:46:45 on 2013-01-10
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3838.1944 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Windows\SysWOW64\java.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sympatico.ca/
    uSearch Bar = Preserve
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files (x86)\WOT\WOT.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\Program Files (x86)\WOT\WOT.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files (x86)\WOT\WOT.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{C4046FFA-F295-4F6C-A778-51E85819CCD9} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{F06E95AE-873D-4A14-B963-ADB09E044612} : DHCPNameServer = 192.168.2.1
    Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files (x86)\ImpotRapide 2009\ic2009pp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files (x86)\WOT\WOT.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files\WOT\WOT.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files\WOT\WOT.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - <orphaned>
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files\WOT\WOT.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 203888]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-1 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-1 370288]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-1-20 27760]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-20 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-20 110032]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-1 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-1 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-1 44808]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-1-20 98848]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2009-10-25 11576]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-7 3463080]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 98688]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2008-10-9 5120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-09 14:29:30 67599240 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-09 13:50:35 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 13:50:35 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-07 00:57:08 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-07 00:57:05 260528 ----a-w- C:\Windows\SysWow64\javaws.exe
    2013-01-07 00:57:04 174000 ----a-w- C:\Windows\SysWow64\javaw.exe
    2013-01-07 00:57:04 173992 ----a-w- C:\Windows\SysWow64\java.exe
    2013-01-07 00:57:03 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-07 00:57:03 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 04:22:38 456192 ----a-w- C:\Windows\System32\shlwapi.dll
    2012-11-22 03:54:36 353280 ----a-w- C:\Windows\SysWow64\shlwapi.dll
    2012-11-20 04:22:50 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-20 04:21:04 253952 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-09 12:35:23 1147392 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-09 12:35:05 1488384 ----a-w- C:\Windows\System32\urlmon.dll
    2012-11-09 12:35:05 108032 ----a-w- C:\Windows\System32\url.dll
    2012-11-09 12:33:23 243712 ----a-w- C:\Windows\System32\occache.dll
    2012-11-09 12:31:32 1062912 ----a-w- C:\Windows\System32\mstime.dll
    2012-11-09 12:31:01 98304 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-11-09 12:30:57 9329152 ----a-w- C:\Windows\System32\mshtml.dll
    2012-11-09 12:30:52 743424 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-11-09 12:30:52 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll
    2012-11-09 12:30:09 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-11-09 12:29:50 31744 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-11-09 12:29:40 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-09 12:29:23 219136 ----a-w- C:\Windows\System32\ieui.dll
    2012-11-09 12:29:23 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2012-11-09 12:29:22 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2012-11-09 12:29:22 2350592 ----a-w- C:\Windows\System32\iertutil.dll
    2012-11-09 12:29:21 72192 ----a-w- C:\Windows\System32\iernonce.dll
    2012-11-09 12:29:21 252416 ----a-w- C:\Windows\System32\iepeers.dll
    2012-11-09 12:29:21 12509696 ----a-w- C:\Windows\System32\ieframe.dll
    2012-11-09 12:29:15 459776 ----a-w- C:\Windows\System32\iedkcs32.dll
    2012-11-09 10:55:37 479232 ----a-w- C:\Windows\System32\html.iec
    2012-11-09 10:42:46 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-09 10:42:27 1212416 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-11-09 10:42:26 105984 ----a-w- C:\Windows\SysWow64\url.dll
    2012-11-09 10:40:28 206848 ----a-w- C:\Windows\SysWow64\occache.dll
    2012-11-09 10:38:29 611840 ----a-w- C:\Windows\SysWow64\mstime.dll
    2012-11-09 10:37:57 67072 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-11-09 10:37:57 6008832 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-11-09 10:37:52 630272 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-11-09 10:37:52 55296 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
    2012-11-09 10:37:14 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-11-09 10:36:54 25600 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-11-09 10:36:43 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-09 10:36:28 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2012-11-09 10:36:28 2000384 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-11-09 10:36:28 164352 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-11-09 10:36:28 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-11-09 10:36:27 55808 ----a-w- C:\Windows\SysWow64\iernonce.dll
    2012-11-09 10:36:27 184320 ----a-w- C:\Windows\SysWow64\iepeers.dll
    2012-11-09 10:36:27 11111424 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-11-09 10:36:22 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
    2012-11-09 09:09:03 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-09 09:08:51 70656 ----a-w- C:\Windows\System32\ie4uinit.exe
    2012-11-09 09:08:13 12288 ----a-w- C:\Windows\System32\msfeedssync.exe
    2012-11-09 09:07:25 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-09 09:01:43 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2012-11-09 07:13:56 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-09 07:13:43 174080 ----a-w- C:\Windows\SysWow64\ie4uinit.exe
    2012-11-09 07:12:06 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
    2012-11-09 07:11:28 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-02 10:47:16 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-02 10:47:16 1794560 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:19:34 1400832 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-02 10:19:33 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-30 22:51:56 59728 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
    2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 22:51:55 44272 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
    2012-10-30 22:51:55 370288 ----a-w- C:\Windows\System32\drivers\aswSP.sys
    2012-10-30 22:51:53 25232 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
    2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-30 22:50:59 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
    2012-10-30 22:50:30 285328 ----a-w- C:\Windows\System32\aswBoot.exe
    2012-10-16 23:29:29 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-10-16 23:29:29 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
    .
    ============= FINISH: 11:46:59.97 ===============

    Attach log
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 08/06/2009 7:11:28 PM
    System Uptime: 10/01/2013 9:13:55 AM (2 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | VIOLET
    Processor: AMD Phenom(tm) 8450 Triple-Core Processor | CPU 1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 684 GiB total, 563.88 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.412 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1560: 23/12/2012 5:47:07 PM - Scheduled Checkpoint
    RP1561: 24/12/2012 10:51:55 AM - Scheduled Checkpoint
    RP1562: 25/12/2012 8:27:50 AM - Scheduled Checkpoint
    RP1563: 26/12/2012 3:19:59 PM - Scheduled Checkpoint
    RP1564: 27/12/2012 9:51:59 AM - Scheduled Checkpoint
    RP1565: 29/12/2012 6:34:25 PM - Scheduled Checkpoint
    RP1566: 30/12/2012 12:11:41 PM - Scheduled Checkpoint
    RP1567: 31/12/2012 1:41:57 PM - Scheduled Checkpoint
    RP1568: 01/01/2013 12:44:00 PM - Scheduled Checkpoint
    RP1569: 03/01/2013 10:00:53 AM - Windows Modules Installer
    RP1570: 03/01/2013 1:40:11 PM - Removed Java 7 Update 7 (64-bit)
    RP1571: 03/01/2013 1:41:03 PM - Installed Java 7 Update 7 (64-bit)
    RP1572: 03/01/2013 2:12:25 PM - Installed Java(TM) 7 Update 1
    RP1573: 04/01/2013 12:06:15 PM - Installed Java 7 Update 10
    RP1574: 04/01/2013 5:15:17 PM - Removed Java 7 Update 10
    RP1575: 04/01/2013 5:17:14 PM - Installed Java 7 Update 10
    RP1576: 05/01/2013 1:18:12 PM - Removed Java 7 Update 7 (64-bit)
    RP1577: 05/01/2013 1:19:44 PM - Removed Java 7 Update 10
    RP1578: 05/01/2013 2:02:33 PM - Installed Java 7 Update 10
    RP1579: 05/01/2013 4:30:16 PM - Restore Operation
    RP1580: 06/01/2013 12:38:33 PM - Scheduled Checkpoint
    RP1581: 06/01/2013 7:24:12 PM - Removed Java 7 Update 7 (64-bit)
    RP1582: 06/01/2013 7:56:35 PM - Installed Java 7 Update 10
    RP1583: 07/01/2013 9:01:16 AM - Scheduled Checkpoint
    RP1584: 09/01/2013 9:11:23 AM - Scheduled Checkpoint
    RP1585: 09/01/2013 9:27:55 AM - Windows Update
    RP1586: 09/01/2013 10:05:16 AM - Windows Update
    RP1587: 09/01/2013 11:54:55 AM - Windows Update
    RP1588: 10/01/2013 9:56:16 AM - Scheduled Checkpoint
    RP1589: 10/01/2013 11:13:04 AM - Removed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Updater
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader XI (11.0.01)
    Apple Application Support
    Apple Software Update
    Auslogics Disk Defrag
    avast! Free Antivirus
    Avira Free Antivirus
    Canon ScanGear Toolbox 3.1
    CCleaner
    Compatibility Pack for the 2007 Office system
    D3DX10
    Default Manager
    DirectX for Managed Code Update (Summer 2004)
    FileHippo.com Update Checker
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Remote Software
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    ImpôtRapide 2009
    Java 7 Update 10
    Java Auto Updater
    Junk Mail filter update
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Age of Empires
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Live Search Toolbar
    Microsoft Office Excel Viewer
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    PVSonyDll
    Python 2.6.1
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Segoe UI
    Skype Click to Call
    Skype™ 6.0
    Some PDF to Txt Converter 1.5
    SpywareBlaster 4.6
    SUPERAntiSpyware
    TeamViewer 8
    U3Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 2.0.3
    VLC media player 2.0.4
    WebEx Support Manager for Internet Explorer
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPatrol
    WOT for Internet Explorer
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/01/2013 9:17:12 AM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
    10/01/2013 9:16:41 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
    10/01/2013 9:15:19 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    10/01/2013 9:15:19 AM, Error: Service Control Manager [7023] -
    10/01/2013 9:15:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
    10/01/2013 9:15:19 AM, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/01/2013 9:15:19 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    08/01/2013 7:25:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    08/01/2013 7:25:43 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    08/01/2013 7:25:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    06/01/2013 7:43:58 PM, Error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
    06/01/2013 11:36:25 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -Embedding
    05/01/2013 4:42:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================

    gmer log ark

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 10.10.2
    Run by Tigris at 11:46:45 on 2013-01-10
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3838.1944 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Windows\SysWOW64\java.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sympatico.ca/
    uSearch Bar = Preserve
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files (x86)\WOT\WOT.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\Program Files (x86)\WOT\WOT.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files (x86)\WOT\WOT.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{C4046FFA-F295-4F6C-A778-51E85819CCD9} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{F06E95AE-873D-4A14-B963-ADB09E044612} : DHCPNameServer = 192.168.2.1
    Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files (x86)\ImpotRapide 2009\ic2009pp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files (x86)\WOT\WOT.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
    x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files\WOT\WOT.dll
    x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files\WOT\WOT.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - <orphaned>
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files\WOT\WOT.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 203888]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-1 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-1 370288]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-1-20 27760]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-20 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-20 110032]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-1 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-1 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-1 44808]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-1-20 98848]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2009-10-25 11576]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-7 3463080]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 98688]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2008-10-9 5120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-09 14:29:30 67599240 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-09 13:50:35 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 13:50:35 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-07 00:57:08 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-07 00:57:05 260528 ----a-w- C:\Windows\SysWow64\javaws.exe
    2013-01-07 00:57:04 174000 ----a-w- C:\Windows\SysWow64\javaw.exe
    2013-01-07 00:57:04 173992 ----a-w- C:\Windows\SysWow64\java.exe
    2013-01-07 00:57:03 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-07 00:57:03 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 11:46:59.97 ===============
     
  2. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    No GMER log?
     
  4. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    Sorry, I've got one on the Desk, but hit the wrong one. Will send it to you ASAP
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
  6. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    Kevinf80
    here is the ark log, sorry about that, and thanks for picking up the thread
     
  7. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    kevinf80

    Having a hard time sending the ark log:
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-13 15:31:15
    Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\0000005a ST375052 rev.HP22 698.64GB
    Running: e8uedwi1.exe; Driver: C:\Users\Tigris\AppData\Local\Temp\pxdiipob.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001001b01f8
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 00000001001c1014
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 00000001001c0e10
    .text C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe[2684] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001001c01f8
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000801f8
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000803fc
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100080600
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100080804
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100080c0c
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100080a08
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001000903fc
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100090600
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100091014
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100090804
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100090a08
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100090c0c
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100090e10
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001000901f8
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 00000001000a0a08
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 00000001000a0804
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 00000001000a0600
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000a03fc
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001000a01f8
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!recv + 81 00000000754418a9 2 bytes [44, 75]
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 87 000000007544190e 2 bytes [44, 75]
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000754419f0 2 bytes [44, 75]
    .text C:\Windows\SysWOW64\java.exe[2184] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000754419fb 2 bytes [44, 75]
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 0000000100070a08
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 0000000100070804
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 0000000100070600
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000703fc
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001000701f8
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001000803fc
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100080600
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100081014
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100080804
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100080a08
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100080c0c
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100080e10
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2404] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001000801f8
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000701f8
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 3 bytes JMP 00000001000703fc
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 4 0000000077563225 1 byte [88]
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100070600
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100070804
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100070c0c
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100070a08
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001000803fc
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100080600
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100081014
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100080804
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100080a08
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100080c0c
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100080e10
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001000801f8
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 0000000100010a08
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 0000000100010804
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 0000000100010600
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000103fc
    .text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2116] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001000101f8
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001002101f8
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001002103fc
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100210600
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100210804
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100210c0c
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100210a08
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 0000000100220a08
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 0000000100220804
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 0000000100220600
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001002203fc
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001002201f8
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001002303fc
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100230600
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100231014
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100230804
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100230a08
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100230c0c
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100230e10
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[844] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001002301f8
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001001b01f8
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001001b03fc
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 00000001001b0600
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 00000001001b0804
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 00000001001b0c0c
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 00000001001b0a08
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 00000001001d0a08
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 00000001001d0804
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 00000001001d0600
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001001d03fc
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001001d01f8
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001001e03fc
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 00000001001e0600
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 00000001001e1014
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 00000001001e0804
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 00000001001e0a08
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 00000001001e0c0c
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 00000001001e0e10
    .text C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2936] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001001e01f8
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001000703fc
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100070600
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100071014
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100070804
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100070a08
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100070c0c
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100070e10
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001000701f8
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 00000001000c0a08
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 00000001000c0804
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 00000001000c0600
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000c03fc
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2268] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001000c01f8
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001001c03fc
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 00000001001c0600
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 00000001001c1014
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 00000001001c0804
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 00000001001c0a08
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 00000001001c0c0c
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 00000001001c0e10
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001001c01f8
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 00000001001d0a08
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 00000001001d0804
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 00000001001d0600
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001001d03fc
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3092] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001001d01f8
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 0000000100070a08
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 0000000100070804
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 0000000100070600
    .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3196] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000703fc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100070600
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100071014
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100070804
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100070a08
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100070c0c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100070e10
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001000701f8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076eb7bb3 2 bytes JMP 000000016e10d0ed
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CallNextHookEx + 3 0000000076eb7bb6 2 bytes [25, F7]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076eb8c38 5 bytes JMP 000000016e11d2bf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076ebf2ca 5 bytes JMP 000000016e038eff
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 000000016e08469c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 000000016e119a81
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ec0827 5 bytes JMP 000000016e11dd15
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076ec17ea 5 bytes JMP 000000016e11dafc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 0000000100080600
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000076ec263b 5 bytes JMP 000000016e217ad6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000803fc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000076ec78d1 5 bytes JMP 000000016e217f39
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000076ec805d 5 bytes JMP 000000016e045a1f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!EndDialog 0000000076ec87af 5 bytes JMP 000000016e047ec6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000076ecf8f3 5 bytes JMP 000000016e217f02
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076ed081c 5 bytes JMP 000000016e2171fc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076ed2483 5 bytes JMP 000000016e21725f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076ed4b7c 5 bytes JMP 000000016e217191
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001000801f8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076ed9b1b 5 bytes JMP 000000016e217ecb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000076ed9c47 5 bytes JMP 000000016e217767
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000076edbd5b 5 bytes JMP 000000016e11de88
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076ee9b0b 5 bytes JMP 000000016e217126
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076ef2a58 5 bytes JMP 000000016e2186e7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076ef5fb7 5 bytes JMP 000000016e04550d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076ef6397 5 bytes JMP 000000016e2172c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076f0d3ad 5 bytes JMP 000000016e2170c4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076f0d3d1 5 bytes JMP 000000016e217062
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f0d782 5 bytes JMP 000000016e218a17
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\USER32.dll!SendInput 0000000076f15af6 5 bytes JMP 000000016e218693
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075f91e80 5 bytes JMP 000000016e2175c7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075fc9f3e 5 bytes JMP 000000016e11db58
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000762a3df0 5 bytes JMP 000000016e218209
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000762a3e40 5 bytes JMP 000000016e21762f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000762a462b 5 bytes JMP 000000016e21816f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000762a74bc 5 bytes JMP 000000016e2181ba
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000763070a6 5 bytes JMP 000000016e217e3e
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 0000000074bc881c 5 bytes JMP 000000016e2187f5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074bc8834 5 bytes JMP 000000016e218895
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000760c30cf 5 bytes JMP 000000016e21800a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3880] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000760eed29 5 bytes JMP 000000016e217f70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000301f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000303fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100030600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100030804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100030c0c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100030a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 0000000100080a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 0000000100080804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 0000000100080600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001000803fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001000801f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001000903fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 0000000100090600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 0000000100091014
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 0000000100090804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 0000000100090a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 0000000100090c0c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 0000000100090e10
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[4640] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001000901f8
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000775617d7 5 bytes JMP 00000001000301f8
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077563221 5 bytes JMP 00000001000303fc
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077579578 5 bytes JMP 0000000100030600
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077579608 5 bytes JMP 0000000100030804
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077579758 5 bytes JMP 0000000100030c0c
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077579ab8 5 bytes JMP 0000000100030a08
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130 0000000075bb4228 1 byte [62]
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075a99eb4 5 bytes JMP 00000001001b03fc
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075a9a07e 5 bytes JMP 00000001001b0600
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity 0000000075ad6cd9 5 bytes JMP 00000001001b1014
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075ad6dd9 5 bytes JMP 00000001001b0804
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075ad6f81 5 bytes JMP 00000001001b0a08
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A 0000000075ad7099 5 bytes JMP 00000001001b0c0c
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W 0000000075ad71e1 5 bytes JMP 00000001001b0e10
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075ad72a1 5 bytes JMP 00000001001b01f8
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076ec010d 5 bytes JMP 00000001001c0a08
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ec03d2 5 bytes JMP 00000001001c0804
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ec1b58 5 bytes JMP 00000001001c0600
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076ec6530 5 bytes JMP 00000001001c03fc
    .text C:\Users\Tigris\Desktop\e8uedwi1.exe[4592] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076ed653e 5 bytes JMP 00000001001c01f8

    ---- Threads - GMER 2.0 ----

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\system32\SLsvc.exe [1112] 000007fefc440000
    Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1300] 000007feff380000
    Library ? (*** suspicious ***) @ C:\Windows\ehome\ehtray.exe [2944] 000007fefc440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2972] 0000000077530000

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.0 ----
     
  8. kevinf80

    kevinf80 Malware Specialist

    There are two anti-virus applications installed, Avast and Avira. Can you uninstall whichever you prefer not to keep? Two AVs will cause major issues for your system.

    Next,

    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

    • Quit all running programs
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • The following EULA will appear, please select accept
    • Ensure MBR scan, Check faked and AntiRootkit are checked
    • Select Scan
    • When the scan completes select Report, copy and paste that to your reply.
    • The log should be found in RKreport[?].txt on your Desktop
    • Exit/Close RogueKiller

    Post those logs in next reply...
     
  9. ti-gris

    ti-gris Thread Starter

    # AdwCleaner v2.105 - Logfile created 01/13/2013 at 17:03:40
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Tigris - TIGRIS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tigris\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Ask.com
    Deleted on reboot : C:\ProgramData\InstallMate
    Deleted on reboot : C:\Users\Tigris\AppData\LocalLow\AskToolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.19393

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\Tigris\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2242 octets] - [13/01/2013 17:03:40]

    ########## EOF - C:\AdwCleaner[S1].txt - [2302 octets] ##########



    And here is the RogueKiller:
    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Tigris [Admin rights]
    Mode : Scan -- Date : 01/13/2013 17:15:57

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Tigris\AppData\Local\Temp\IHU6C9B.tmp.exe -> FOUND
    [TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Tigris\AppData\Local\Temp\IHU5775.tmp.exe -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
    --- User ---
    [MBR] 5bb085218ece884884ae8d6a4130e7a1
    [BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 700898 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1435439880 | Size: 14503 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_01132013_02d1715.txt >>
    RKreport[1]_S_01132013_02d1715.txt
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  11. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    ComboFix 13-01-13.01 - Tigris 13/01/2013 19:40:25.1.3 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3838.2365 [GMT -5:00]
    Running from: c:\users\Tigris\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\default\ca_sres.data
    c:\users\Old Files\AcrC0D3.TMP
    c:\users\Old Files\fbc2345.TMP
    c:\users\Old Files\fbc9212.TMP
    c:\users\Old Files\h2r2192.TMP
    c:\users\Old Files\h2r5361.TMP
    c:\users\Tigris\AppData\Roaming\Microsoft\Windows\Recent\Google.url
    c:\users\Tigris\GoogleEarthPluginSetup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-14 00:49 . 2013-01-14 00:49 -------- d-----w- c:\users\Tigris\AppData\Local\temp
    2013-01-14 00:49 . 2013-01-14 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-11 21:23 . 2013-01-11 21:23 388096 ----a-r- c:\users\Tigris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-09 14:25 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 14:25 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 14:25 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 14:25 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 14:25 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 14:25 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 14:25 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 14:25 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
    2013-01-07 00:57 . 2013-01-07 00:57 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-01-07 00:57 . 2013-01-07 00:57 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-04 22:18 . 2013-01-04 22:18 -------- d-----w- c:\program files (x86)\Common Files\Java(18)
    2012-12-28 16:30 . 2012-12-28 16:30 -------- d-----w- c:\program files\CCleaner
    2012-12-21 21:01 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 21:01 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 21:01 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 21:01 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-18 19:51 . 2012-12-18 19:51 -------- d-----w- c:\program files (x86)\Auslogics
    2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-09 14:29 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
    2013-01-09 13:50 . 2012-08-24 16:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 13:50 . 2012-08-24 16:55 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-07 00:57 . 2010-05-28 22:29 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-14 21:49 . 2012-01-11 21:12 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:45 . 2012-12-11 20:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-13 01:29 . 2012-12-11 20:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-09 12:35 . 2012-12-11 20:40 1147392 ----a-w- c:\windows\system32\wininet.dll
    2012-11-09 12:35 . 2012-12-11 20:40 1488384 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-09 12:35 . 2012-12-11 20:40 108032 ----a-w- c:\windows\system32\url.dll
    2012-11-09 12:33 . 2012-12-11 20:40 243712 ----a-w- c:\windows\system32\occache.dll
    2012-11-09 12:31 . 2012-12-11 20:40 1062912 ----a-w- c:\windows\system32\mstime.dll
    2012-11-09 12:31 . 2012-12-11 20:40 98304 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-09 12:30 . 2012-12-11 20:40 9329152 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-09 12:30 . 2012-12-11 20:40 743424 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-09 12:30 . 2012-12-11 20:40 71680 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-11-09 12:30 . 2012-12-11 20:40 56832 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-09 12:29 . 2012-12-11 20:40 31744 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-09 12:29 . 2012-12-11 20:40 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-09 12:29 . 2012-12-11 20:40 219136 ----a-w- c:\windows\system32\ieui.dll
    2012-11-09 12:29 . 2012-12-11 20:40 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2012-11-09 12:29 . 2012-12-11 20:40 2350592 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-09 12:29 . 2012-12-11 20:40 77312 ----a-w- c:\windows\system32\iesetup.dll
    2012-11-09 12:29 . 2012-12-11 20:40 12509696 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-09 12:29 . 2012-12-11 20:40 252416 ----a-w- c:\windows\system32\iepeers.dll
    2012-11-09 12:29 . 2012-12-11 20:40 72192 ----a-w- c:\windows\system32\iernonce.dll
    2012-11-09 12:29 . 2012-12-11 20:40 459776 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-11-09 10:55 . 2012-12-11 20:40 479232 ----a-w- c:\windows\system32\html.iec
    2012-11-09 10:42 . 2012-12-11 20:40 916992 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-09 10:37 . 2012-12-11 20:40 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-11-09 10:36 . 2012-12-11 20:40 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-09 10:36 . 2012-12-11 20:40 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-11-09 10:36 . 2012-12-11 20:40 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-11-09 09:09 . 2012-12-11 20:40 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-09 09:08 . 2012-12-11 20:40 70656 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-11-09 09:08 . 2012-12-11 20:40 12288 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-11-09 09:07 . 2012-12-11 20:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 09:01 . 2012-12-11 20:40 385024 ----a-w- c:\windows\SysWow64\html.iec
    2012-11-09 07:13 . 2012-12-11 20:40 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-09 07:11 . 2012-12-11 20:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-02 10:45 . 2012-12-11 20:40 477696 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 10:45 . 2012-12-11 20:40 68096 ----a-w- c:\windows\system32\dpnathlp.dll
    2012-11-02 10:18 . 2012-12-11 20:40 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-11-02 08:59 . 2012-12-11 20:40 26112 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-11-02 08:26 . 2012-12-11 20:40 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
    2012-10-30 22:51 . 2012-11-01 23:55 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2012-11-01 23:55 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2012-11-01 23:55 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-30 22:51 . 2012-11-01 23:55 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2012-11-01 23:55 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51 . 2012-11-01 23:55 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2012-11-01 23:54 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2012-11-01 23:54 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-10-30 22:50 . 2011-01-13 15:28 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-16 23:29 . 2012-05-27 16:08 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-16 23:29 . 2012-05-27 16:08 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-11-26 1525088]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-12-10 363752]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-13 21:39 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 13:50]
    .
    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 09:57]
    .
    2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 09:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
    "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sympatico.ca
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=93&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\system32\blank.htm
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet005\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0011)
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    @DACL=(02 0011)
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @DACL=(02 0011)
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @DACL=(02 0011)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2013-01-13 19:52:17
    ComboFix-quarantined-files.txt 2013-01-14 00:52
    .
    Pre-Run: 604,573,454,336 bytes free
    Post-Run: 604,710,338,560 bytes free
    .
    - - End Of File - - C274904DD82C76C483BB6F9A3CDF1A2D
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    There are still two AV programs on your system, Avast and Avira; one of those must be uninstalled or you will have major issues with your system. Do that first.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those two logs...

    Kevin
     
  13. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    Kevin
    Nothing was found with ESET, took 1.5 hr. I'll do the 317 now.
    Paul
     
  14. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    Ken,
    Forgot to tell you that the Avira was disconnected for the ESET scan. The 317 doesn't work (with Run as Admin); I get the following message and have been getting it with IE8 but not with Google Chrome:
    In IE8 this warning comes all the time in a box:
    _______________________________________________________
    Stop running this script?

    A script on this page is causing Internet Explorer to run slowly.
    If it continues to run, your computer might become
    unresponsive.

    Yes No.

    __________________________________________________________

    What is next? And again, thanks for your time and sticking with me!
     
  15. ti-gris

    ti-gris Thread Starter

    Joined:
    Apr 23, 2005
    Messages:
    205
    I tried the second link and it works, doing it now
     
Short URL to this thread: https://techguy.org/1084580
