Can not open certain startup programs CLR20r3 error [Closed] [Solved]


  • This topic is locked

#1
jasheeky

    New Member

  • Member
  • 8 posts
I am getting error CLR20r3 when trying to open certain applications. This is the aftermath post malware, I believe.




Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:51:29 PM, on 12/28/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Aspire\Aspire Sync\AspireSyncService.exe
C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DYMO\DYMO Label Software\DLS.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
O4 - HKLM\..\Run: [DYMOFileMonitor] "C:\Program Files\DYMO File\DYMOFileMonitor.exe"
O4 - HKLM\..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AspireSyncService.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://isi.texassecu...ols/ScriptX.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.we...nt/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe

--
End of file - 6419 bytes


#2
myrti

    Expert

  • 2,580 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

#3
jasheeky

    New Member

  • Topic Starter
  • Member
  • 8 posts

OTL logfile created on: 1/6/2012 03:15:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Siria\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.52% Memory free
4.00 Gb Paging File | 2.87 Gb Available in Paging File | 71.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 77.72 Gb Free Space | 52.17% Space Free | Partition Type: NTFS
Drive D: | 405.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOARDWALKPC | User Name: Siria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/06 15:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Siria\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2009/12/01 08:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/28 17:56:28 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
PRC - [2009/09/30 09:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2009/09/16 12:24:48 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/23 08:34:28 | 000,344,064 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009/10/15 08:02:00 | 000,233,472 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2008/11/12 14:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2007/06/26 19:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2003/03/26 17:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/10 07:32:12 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 16:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4038012961-1903765026-630260959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4038012961-1903765026-630260959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4038012961-1903765026-630260959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4038012961-1903765026-630260959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 3C CC FC B7 2A CC 01 [binary data]
IE - HKU\S-1-5-21-4038012961-1903765026-630260959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4038012961-1903765026-630260959-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )


[2011/07/15 16:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/15 15:44:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/15 15:44:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [DYMOFileMonitor] C:\Program Files\DYMO File\DYMOFileMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKU\S-1-5-21-4038012961-1903765026-630260959-1000..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://isi.texassecu...ols/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D38C567B-EF16-4024-8168-5824419F1ED3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/18 08:52:30 | 000,000,031 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c1863e3-4a95-11e0-acdb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c1863e3-4a95-11e0-acdb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DLS8Setup.exe -- [2009/10/28 11:31:36 | 065,223,960 | R--- | M] (Sanford, L.P.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 15:14:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Siria\Desktop\OTL.exe
[2011/12/28 15:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/28 15:45:49 | 000,000,000 | ---D | C] -- C:\Users\Siria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/28 15:41:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/12/28 14:50:03 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/28 14:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/28 14:50:02 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/28 14:50:01 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/28 14:50:01 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/28 14:50:00 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/28 14:49:58 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/28 14:48:42 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/28 14:48:41 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/28 14:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/28 14:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/28 14:33:47 | 000,000,000 | ---D | C] -- C:\Users\Siria\AppData\Roaming\Malwarebytes
[2011/12/28 14:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 14:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/28 14:33:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 14:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/19 11:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/19 11:51:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/19 11:51:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/19 11:51:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/08 14:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\XImport
[2011/12/08 14:40:16 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

========== Files - Modified Within 30 Days ==========

[2012/01/06 15:14:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Siria\Desktop\OTL.exe
[2012/01/06 15:10:46 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2012/01/06 15:10:29 | 000,000,037 | ---- | M] () -- C:\Windows\iltwain.ini
[2012/01/06 15:03:59 | 000,009,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 15:03:59 | 000,009,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 15:01:03 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/06 15:01:03 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/06 14:56:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 14:56:40 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 15:45:49 | 000,002,963 | ---- | M] () -- C:\Users\Siria\Desktop\HiJackThis.lnk
[2011/12/28 14:50:03 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/28 14:49:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/28 14:47:26 | 064,207,032 | ---- | M] () -- C:\Users\Siria\Desktop\setup_av_free_cnet.exe
[2011/12/23 09:22:59 | 000,652,153 | ---- | M] () -- C:\Users\Siria\Desktop\Hassan ID Card.pdf
[2011/12/21 10:58:29 | 000,102,036 | ---- | M] () -- C:\Users\Siria\Documents\Acord35 Cancellation Request.pdf
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/12/28 15:45:49 | 000,002,963 | ---- | C] () -- C:\Users\Siria\Desktop\HiJackThis.lnk
[2011/12/28 14:50:03 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/28 14:47:25 | 064,207,032 | ---- | C] () -- C:\Users\Siria\Desktop\setup_av_free_cnet.exe
[2011/12/23 09:22:59 | 000,652,153 | ---- | C] () -- C:\Users\Siria\Desktop\Hassan ID Card.pdf
[2011/12/08 14:40:39 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XImport Utility.lnk
[2011/06/14 13:29:34 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/04/13 12:58:42 | 000,001,418 | -H-- | C] () -- C:\Users\Siria\AppData\Local\GDIPFONT478ROMV32.DAT
[2011/03/14 15:16:29 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011/03/10 14:11:39 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/03/09 17:12:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/09 15:46:34 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/03/09 15:39:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/09 15:39:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/09 22:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,409,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,618,026 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,104,340 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/12/04 01:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugo3l3.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr.sys
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< >

< End of report >



#4
myrti

  • Expert
  • 2,580 posts
Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#5
myrti

  • Expert
  • 2,580 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6
jasheeky

    New Member

  • Topic Starter
  • Member
  • 8 posts
DYMO Label Software has stopped working:
Description:
Stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: dls.exe
Problem Signature 02: 8.2.0.820
Problem Signature 03: 4ae8da55
Problem Signature 04: DYMO.DLS
Problem Signature 05: 8.2.0.820
Problem Signature 06: 4ae8da4f
Problem Signature 07: 5fb
Problem Signature 08: 0
Problem Signature 09: System.IO.FileNotFoundException
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 1033



Here is the GMER.LOG content:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-20 15:04:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.3.ADA
Running: s4n07dh6.exe; Driver: C:\Users\Siria\AppData\Local\Temp\pwliqkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E627FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F106510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E62A456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E62A4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E62A5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E62A3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E62A4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E62A400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E62A572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E627FE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F1065C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E627DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E62800C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E62A9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E628AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E62A486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E62A4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E62A5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E62A3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E62A53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E62A42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E62A59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F106658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E62896A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E628030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E628054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E627E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E627F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E627F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E627F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E628078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F11A7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C97539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBC092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82CC3884 4 Bytes [C4, 7F, 62, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 24C 82CC38AC 4 Bytes [10, 65, 10, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 300 82CC3960 8 Bytes [56, A4, 62, 8E, AE, A4, 62, ...] {PUSH ESI; MOVSB ; BOUND ECX, [ESI-0x719d5b52]}
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 82CC396C 4 Bytes JMP E571FDF3
.text ntkrnlpa.exe!RtlSidHashLookup + 328 82CC3988 4 Bytes [AC, A3, 62, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E5D342 5 Bytes JMP 8F11769C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E77055 5 Bytes JMP 8F119174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82EC165A 4 Bytes CALL 8E629025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EC9734 4 Bytes CALL 8E62903B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F2F3C8 7 Bytes JMP 8F11A7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F204000, 0x227A14, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[380] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[456] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[456] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[456] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[456] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00210A08
.text C:\Windows\system32\wininit.exe[456] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 002103FC
.text C:\Windows\system32\wininit.exe[456] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00210804
.text C:\Windows\system32\wininit.exe[456] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 002101F8
.text C:\Windows\system32\wininit.exe[456] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00210600
.text C:\Windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\services.exe[504] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[504] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[504] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\lsm.exe[540] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[540] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[540] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[600] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00100804
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[700] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[700] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[700] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[700] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00440A08
.text C:\Windows\system32\svchost.exe[700] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 004403FC
.text C:\Windows\system32\svchost.exe[700] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00440804
.text C:\Windows\system32\svchost.exe[700] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 004401F8
.text C:\Windows\system32\svchost.exe[700] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00440600
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[788] user32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 003B0A08
.text C:\Windows\system32\svchost.exe[788] user32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 003B03FC
.text C:\Windows\system32\svchost.exe[788] user32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 003B0804
.text C:\Windows\system32\svchost.exe[788] user32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 003B01F8
.text C:\Windows\system32\svchost.exe[788] user32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 003B0600
.text C:\Windows\System32\svchost.exe[896] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[896] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[896] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00560A08
.text C:\Windows\System32\svchost.exe[896] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 005603FC
.text C:\Windows\System32\svchost.exe[896] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00560804
.text C:\Windows\System32\svchost.exe[896] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 005601F8
.text C:\Windows\System32\svchost.exe[896] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00560600
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00560A08
.text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 005603FC
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00560804
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 005601F8
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00560600
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00EE0A08
.text C:\Windows\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 00EE03FC
.text C:\Windows\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00EE0804
.text C:\Windows\system32\svchost.exe[972] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 00EE01F8
.text C:\Windows\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00EE0600
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00450A08
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 004503FC
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00450804
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 004501F8
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00450600
.text C:\Windows\system32\svchost.exe[1288] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1288] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 005B0A08
.text C:\Windows\system32\svchost.exe[1288] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 005B03FC
.text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 005B0804
.text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 005B01F8
.text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 005B0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 75DE30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1368] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1712] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000B03FC
.text C:\Windows\System32\spoolsv.exe[1712] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000B01F8
.text C:\Windows\System32\spoolsv.exe[1712] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 000E0A08
.text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 000E03FC
.text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 000E0804
.text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 000E0600
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1828] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00A70A08
.text C:\Windows\system32\svchost.exe[1828] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 00A703FC
.text C:\Windows\system32\svchost.exe[1828] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00A70804
.text C:\Windows\system32\svchost.exe[1828] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 00A701F8
.text C:\Windows\system32\svchost.exe[1828] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00A70600
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 001F0804
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe[1876] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1924] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1924] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1924] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2172] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2172] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2172] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2172] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00130A08
.text C:\Windows\system32\taskhost.exe[2172] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 001303FC
.text C:\Windows\system32\taskhost.exe[2172] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00130804
.text C:\Windows\system32\taskhost.exe[2172] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 001301F8
.text C:\Windows\system32\taskhost.exe[2172] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00130600
.text C:\Windows\system32\Dwm.exe[2232] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2232] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2232] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2232] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2232] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2232] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2232] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2232] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[2256] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\Explorer.EXE[2256] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\Explorer.EXE[2256] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\Explorer.EXE[2256] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00150A08
.text C:\Windows\Explorer.EXE[2256] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.EXE[2256] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00150804
.text C:\Windows\Explorer.EXE[2256] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 001501F8
.text C:\Windows\Explorer.EXE[2256] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00150600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 003103FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00310804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 003101F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2424] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00310600
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 001603FC
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 001601F8
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00180A08
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 001803FC
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00180804
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 001801F8
.text C:\Windows\SSDriver\fi5110\SsWiaChecker.exe[2656] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 00310804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 003101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2680] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 00310600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2748] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 001703FC
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 001701F8
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] kernel32.dll!GetBinaryTypeW + 70 75DF78FC 1 Byte [62]
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] USER32.dll!UnhookWindowsHookEx 76D7CC7B 5 Bytes JMP 004B0A08
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] USER32.dll!UnhookWinEvent 76D7D924 5 Bytes JMP 004B03FC
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] USER32.dll!SetWindowsHookExW 76D8210A 5 Bytes JMP 004B0804
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] USER32.dll!SetWinEventHook 76D8507E 5 Bytes JMP 004B01F8
.text C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe[2872] USER32.dll!SetWindowsHookExA 76DA6DFA 5 Bytes JMP 004B0600
.text C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe[2960] ntdll.dll!LdrUnloadDll 773FBEAF 5 Bytes JMP 001603FC
.text C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe[2960] ntdll.dll!LdrLoadDll 773FF5B5 5 Bytes JMP 001601F8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000042 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\[email protected] 0xD6 0x3E 0x38 0x00 ...

---- EOF - GMER 1.0.15 ----


#7
myrti
Hi,

is DYMO Label Software the only one that stops working?

regards myrti

#8
jasheeky
No, there are other programs as well that pop up with that error during startup. Reinstalling does nothing. Also got a Microsoft .NET error too. Reinstalled and still getting the error.

#9
myrti
Hi,

Please run a system file check.

Click Start > All Programs > Accessories, then right-click Command Prompt and click Run as Administrator. Then type in this command:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported. Let me know if you still get the error afterwards.

regards myrti

#10
jasheeky
Did not work. Still getting errors. See attached screen captures.

Attached Thumbnails

  • sfc scan.JPG
  • neterror.JPG
  • neterror2.JPG

#11
jasheeky
What is MSCORLIB ?
System.IO.FileNotFoundException ?

I hope I don't have to back everything up and start from scratch with a fresh install.

#12
jasheeky
I think I fixed it. Even though all my software ran fine prior to the malware/virus I had, I ran Windows Update and it installed Win7 Service Pack 1 and a number of other updates. Now everything is working!


Thank you for spending your time helping me thus far. Cheers.

#13
myrti
Hi,

I'm happy to hear this! My next suggestion would've been to uninstall/reinstall .NET. Just for the record, this likely was not a direct malware problem but something that was broken within Windows. So it's not surprising that the Windows update fixed it.

Since all your software is up to date all that's left to do is to remove the programs we used:

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC failed to remove all programs from your Desktop, please delete the rest manually.
Please read this advice in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:

Have a nice day
myrti

#14
myrti
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.