
HELP: Infected by malware. [Closed]


  • This topic is locked This topic is locked

#1 lyo laine (New Member, 6 posts)
I was stalked. My computer was hacked. I don't know much about computers so I don't know how to describe this, but they know everything I do on my computer, everything I type, every picture/movie/website I see. I've tried re-installing Windows twice already but my computer is still hacked. I thought it was a trojan so I tried Avira, AVG and McAfee but didn't find a thing. Lately, I turned to Avast and found a trojan horse dropper generic c something, I don't remember the exact name, and some rootkits, and also got a warning about an administrative shared document. Now I am not sure if my computer is safe or not and don't know what to do anymore. Please help me. I'd be really grateful for your help.


OTL logfile created on: 06/06/2012 23:11:10 - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = D:\Laine
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.62% Memory free
3.99 Gb Paging File | 1.90 Gb Available in Paging File | 47.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 20.53 Gb Free Space | 41.07% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 33.76 Gb Free Space | 33.76% Space Free | Partition Type: NTFS
Drive E: | 148.09 Gb Total Space | 25.21 Gb Free Space | 17.02% Space Free | Partition Type: NTFS

Computer Name: EIT-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/05 15:19:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Laine\OTL.exe
PRC - [2012/06/05 13:08:32 | 000,419,096 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2012/06/05 13:07:19 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2012/06/03 13:29:22 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/06/02 15:04:21 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/05/11 20:03:49 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/05/11 19:56:54 | 000,105,288 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2012/04/23 19:23:40 | 003,487,128 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/12 14:27:54 | 003,731,112 | ---- | M] (Gretech Corp.) -- C:\Program Files\GRETECH\GomPlayer\GOM.EXE
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/07 07:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 07:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 20:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/02/26 12:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/14 17:28:32 | 000,250,368 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/10/14 17:28:22 | 000,228,352 | ---- | M] () -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/05/25 19:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/26 02:15:56 | 004,147,136 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/12/26 02:15:32 | 006,223,808 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/07/14 08:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/06 14:12:02 | 001,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/03/27 15:25:28 | 000,438,272 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/03/27 04:51:00 | 000,208,896 | ---- | M] () -- C:\Program Files\UniKey\UniKey.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/03 13:29:22 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/02 15:04:22 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/05/23 08:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
MOD - [2012/05/23 08:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/23 08:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/23 08:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/23 08:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/23 08:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/23 08:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/23 08:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/23 08:06:23 | 008,743,584 | ---- | M] () -- C:\Users\ADMINI~1\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll
MOD - [2012/04/02 15:46:18 | 000,946,176 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GSFU.ax
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/09/08 16:03:56 | 000,594,944 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GVF.ax
MOD - [2011/08/03 11:31:02 | 003,373,568 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\libavcodec.dll
MOD - [2011/08/03 11:31:02 | 000,184,320 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GRFU.ax
MOD - [2011/07/22 22:00:32 | 005,270,754 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-53.dll
MOD - [2011/07/22 22:00:32 | 000,736,644 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-53.dll
MOD - [2011/07/22 22:00:32 | 000,213,337 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-51.dll
MOD - [2011/07/22 15:00:00 | 003,576,320 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011/07/22 15:00:00 | 000,327,680 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll
MOD - [2011/05/17 07:49:30 | 000,421,520 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GomTVStrm.dll
MOD - [2010/10/15 16:35:54 | 001,433,600 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GAF.ax
MOD - [2010/10/14 17:28:22 | 000,228,352 | ---- | M] () -- C:\ProgramData\DatacardService\DCSHelper.exe
MOD - [2009/04/13 11:53:26 | 000,233,472 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\seccenter.ui
MOD - [2009/03/27 15:25:28 | 000,438,272 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
MOD - [2009/02/23 10:44:34 | 000,045,056 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\actxcont.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
MOD - [2008/10/09 16:31:54 | 000,192,512 | ---- | M] () -- C:\Windows\System32\txmlutil.dll
MOD - [2006/03/27 04:51:00 | 000,208,896 | ---- | M] () -- C:\Program Files\UniKey\UniKey.exe
MOD - [2006/03/19 11:55:44 | 000,188,416 | ---- | M] () -- C:\Program Files\UniKey\UKHook40.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/05 13:08:32 | 000,419,096 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2012/06/05 13:06:32 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2012/06/02 15:04:21 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/11 19:56:54 | 000,105,288 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/07 07:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/25 01:36:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/02/16 16:17:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 20:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/14 17:28:32 | 000,250,368 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/14 08:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 08:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/06 14:12:02 | 001,626,112 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - [2012/06/05 13:08:18 | 000,146,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2012/06/01 23:48:19 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/04/23 18:26:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/03/07 07:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 07:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 07:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 07:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 07:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 07:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/22 00:06:51 | 000,065,856 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\WMDrive.sys -- (WMDrive)
DRV - [2012/01/05 06:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/07/22 11:28:26 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/09/27 19:58:36 | 000,106,880 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (mbbdatacard)
DRV - [2010/09/27 11:53:26 | 000,102,144 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_mbbusbdev.sys -- (ew_mbbusbdev)
DRV - [2010/07/13 17:56:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/11/27 16:51:02 | 009,794,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/09/03 10:16:14 | 000,021,256 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/07/14 06:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 05:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/14 05:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/06/27 04:25:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/04/06 16:44:58 | 000,266,376 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/01/12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-03 13:29:25&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...4:23&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Administrator\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/02 15:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/02 15:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/06/03 13:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/03 13:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/19 22:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2012/05/20 17:36:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2012/05/20 17:36:45 | 000,000,000 | ---D | M]

[2012/02/23 18:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012/06/03 13:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\fmtdcq7g.default\extensions
[2012/03/06 19:21:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\fmtdcq7g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/30 17:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/03 13:41:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/02 15:00:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/02 15:00:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/06/03 13:29:36 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9\
[2012/06/02 15:04:35 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FMTDCQ7G.DEFAULT\EXTENSIONS\[email protected]
[2012/02/09 04:00:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/09 01:37:51 | 000,005,480 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\5giay.xml
[2012/06/03 13:29:17 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/09 01:37:51 | 000,001,937 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\baambootratuav.xml
[2012/02/09 01:37:51 | 000,003,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\muare.xml
[2012/02/09 01:37:51 | 000,001,296 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-vi.xml
[2012/02/09 01:37:51 | 000,002,435 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zing-mp3.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2012-06-03 13:29:25&v=11.0.0.9&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Administrator\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: AVG Safe Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/20 17:36:42 | 000,001,205 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Thanh công cụ) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A6ADD5C-88AE-430F-A885-7FAEB28354B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A6ADD5C-88AE-430F-A885-7FAEB28354B6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C08805AF-6762-4657-BF31-62B5C4B5CF1F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\Shell - "" = AutoRun
O33 - MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\Shell - "" = AutoRun
O33 - MountPoints2\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 22:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender 2009
[2012/06/04 22:37:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\BitDefender
[2012/06/04 22:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2012/06/04 22:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2012/06/04 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2012/06/04 22:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/04 22:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/04 22:25:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/04 22:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/03 20:26:37 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2012/06/03 20:26:37 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2012/06/03 13:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/03 13:42:24 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/06/03 13:42:24 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/06/03 13:42:16 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/06/03 13:42:10 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/06/03 13:42:06 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/06/03 13:42:05 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/06/03 13:40:57 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/03 13:40:57 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/03 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/03 13:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PlatinumHideIP
[2012/06/03 13:08:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PlatinumHideIP
[2012/06/03 13:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Platinum Hide IP
[2012/06/03 13:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\PlatinumHideIP
[2012/06/03 11:20:17 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/06/03 11:18:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/03 09:33:56 | 000,000,000 | --SD | C] -- C:\Users\Administrator\Documents\Passwords Database
[2012/06/03 03:43:22 | 000,000,000 | R--D | C] -- C:\Backup
[2012/06/03 02:36:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/06/03 02:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/02 15:28:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG
[2012/06/02 15:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/06/02 15:05:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/06/02 15:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/02 00:44:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG Secure Search
[2012/06/02 00:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/02 00:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/06/02 00:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/02 00:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/02 00:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/06/02 00:32:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/02 00:31:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/02 00:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/02 00:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/06/02 00:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/01 23:49:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TrueCrypt
[2012/06/01 23:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2012/06/01 23:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012/06/01 23:48:19 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/06/01 23:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012/05/30 23:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixlr
[2012/05/23 04:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-com 3G
[2012/05/23 04:14:27 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012/05/23 04:14:27 | 000,208,896 | ---- | C] (MBB Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2012/05/23 04:14:27 | 000,106,880 | ---- | C] (MBB Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012/05/23 04:14:27 | 000,027,136 | ---- | C] (MBB Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012/05/23 04:14:27 | 000,011,648 | ---- | C] (MBB Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012/05/23 04:14:13 | 000,102,144 | ---- | C] (MBB Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_mbbusbdev.sys
[2012/05/23 04:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\D-com 3G
[2012/05/23 04:13:20 | 000,000,000 | ---D | C] -- C:\InstallC112
[2012/05/23 04:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2012/05/21 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Corel VideoStudio
[2012/05/21 17:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/05/21 17:38:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2012/05/20 17:36:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\IDM
[2012/05/20 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/05/12 17:25:35 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/12 17:25:34 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/12 17:25:33 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/12 17:25:29 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/12 17:25:28 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/12 17:25:28 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/12 17:25:28 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/12 17:25:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2012/06/06 23:11:00 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884192660-1188798769-3266166625-1000UA.job
[2012/06/06 23:01:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884192660-1188798769-3266166625-500UA.job
[2012/06/06 22:28:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 22:28:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 22:21:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/06 22:21:04 | 1606,369,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 12:38:12 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[2012/06/05 14:11:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884192660-1188798769-3266166625-1000Core.job
[2012/06/05 13:08:18 | 000,146,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfm.sys
[2012/06/05 12:35:43 | 000,000,850 | ---- | M] () -- C:\Windows\System32\ProductTweaks.xml
[2012/06/05 12:35:43 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2012/06/04 22:37:15 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Free Edition 2009.lnk
[2012/06/04 22:25:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 20:01:28 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/03 16:49:13 | 000,141,824 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/03 16:42:52 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 16:42:52 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/03 13:42:25 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/03 13:08:50 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Platinum Hide IP.lnk
[2012/06/03 03:43:25 | 000,017,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/06/02 15:27:03 | 000,001,124 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/06/02 15:27:03 | 000,001,100 | ---- | M] () -- C:\Users\Administrator\Desktop\AVG PC Tuneup 2011.lnk
[2012/06/02 15:06:26 | 000,034,814 | ---- | M] () -- C:\Users\Administrator\AppData\Local\dt.dat
[2012/06/02 15:04:39 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/01 23:48:28 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012/06/01 23:48:19 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/06/01 07:01:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884192660-1188798769-3266166625-500Core.job
[2012/05/30 23:46:27 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Pixlr-o-matic.lnk
[2012/05/24 09:03:19 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012/05/23 04:14:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\D-com 3G.lnk
[2012/05/21 18:25:52 | 002,217,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/20 17:36:42 | 000,001,205 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/20 17:36:42 | 000,000,979 | ---- | M] () -- C:\Users\Administrator\Desktop\Internet Download Manager.lnk

========== Files Created - No Company Name ==========

[2012/06/05 13:08:46 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2012/06/05 12:35:43 | 000,000,850 | ---- | C] () -- C:\Windows\System32\ProductTweaks.xml
[2012/06/05 12:35:43 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2012/06/04 22:37:15 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Free Edition 2009.lnk
[2012/06/04 22:25:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 13:42:25 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/03 13:08:50 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Platinum Hide IP.lnk
[2012/06/03 03:43:23 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/06/02 15:27:03 | 000,001,124 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/06/02 15:27:03 | 000,001,100 | ---- | C] () -- C:\Users\Administrator\Desktop\AVG PC Tuneup 2011.lnk
[2012/06/02 15:06:26 | 000,034,814 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dt.dat
[2012/06/02 15:04:39 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/01 23:48:28 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012/05/23 04:14:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\D-com 3G.lnk
[2012/05/03 12:59:48 | 000,151,560 | ---- | C] () -- C:\Windows\System32\SARCheck.dll
[2012/02/23 18:16:45 | 000,141,824 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 14:31:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/02/16 14:31:24 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/02/16 14:31:24 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/16 14:31:24 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/16 14:31:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:905844AA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >
#2
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello lyo laine and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed


Can you please provide me with more details. How do you know they see every picture/movie/website that you see? Any specific details about it can help me.

Step 1

You have more than one antivirus program on your PC.

AVG, BitDefender and AVAST

Please leave only one antivirus protection on your system and remove all other.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

Step 2

IMPORTANT: I notice there are signs of P2P (Person to Person) File Sharing Programs on your computer.

I would ask that you uninstall uTorrent.

Here is a good reason to remove them:

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Step 3

Please download WVCheck from Artellos.com.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

Step 4

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
    IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
    O33 - MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\Shell - "" = AutoRun
    O33 - MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\Shell - "" = AutoRun
    O33 - MountPoints2\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


Step 5

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 6

Please don't forget to include these items in your reply:

  • WVCheck log
  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
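Added example, not from the thread, from OTL or from maliprog: a small Python triage script that applies the checks the Step 4 fix is built on to OTL lines of the kind posted in the first log. It flags Run values that point at a missing file or carry no publisher in their version info, MountPoints2 AutoRun commands, drivers that are registered but missing on disk, and static NameServer overrides that differ from what DHCP handed out. The sample lines are copied from the OTL log above and from the two DRV lines quoted in the fix; the rule names and the Finding layout are my own and not part of OTL.

```python
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str     # rule that fired
    subject: str  # Run value, mount-point id, interface key or driver name
    detail: str   # what was found


# Sample lines copied from the OTL log in the first post plus the two DRV lines
# quoted in Step 4 of the fix; this is the only input the example uses.
SAMPLE_OTL = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A6ADD5C-88AE-430F-A885-7FAEB28354B6}: NameServer = 8.8.8.8,8.8.4.4
O33 - MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\Shell - "" = AutoRun
O33 - MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
"""

# One regex per OTL line type this example understands.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
TARGET_RE = re.compile(r'^(?P<path>.+?) \((?P<company>.*)\)$')          # "<path> (<company>)"
NS_RE = re.compile(r'^O17 - (?P<key>\S+): (?P<kind>DhcpNameServer|NameServer) = (?P<servers>\S+)$')
MP_RE = re.compile(r'^O33 - MountPoints2\\(?P<id>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
DRV_RE = re.compile(r'^DRV - File not found .*-- (?P<path>\S+) -- \((?P<name>[^)]*)\)$')


def triage(otl_text: str) -> list[Finding]:
    """Walk an OTL report and return the entries a helper would look at first."""
    findings: list[Finding] = []
    dhcp_servers: set[str] = set()
    static_entries: list[tuple[str, str]] = []

    for line in otl_text.splitlines():
        line = line.rstrip()
        if m := RUN_RE.match(line):
            name = m["name"] or "<unnamed>"
            subject = f"{m['hive']}\\Run\\{name}"
            if m["rest"] == "File not found":
                findings.append(Finding("orphaned_run", subject, "value points at a missing file"))
            elif (t := TARGET_RE.match(m["rest"])) and not t["company"]:
                findings.append(Finding("run_no_company", subject,
                                        f"{t['path']} has no publisher in its version info"))
        elif m := MP_RE.match(line):
            # Any AutoRun command under MountPoints2 is worth a look; here it is a removable drive.
            findings.append(Finding("mountpoint_autorun", m["id"], m["cmd"]))
        elif m := DRV_RE.match(line):
            findings.append(Finding("orphaned_driver", m["name"],
                                    f"{m['path']} is registered as a driver but missing on disk"))
        elif m := NS_RE.match(line):
            if m["kind"] == "DhcpNameServer":
                dhcp_servers.update(m["servers"].split(","))
            else:
                static_entries.append((m["key"], m["servers"]))

    # Static DNS only stands out once we know what DHCP actually handed out.
    offered = ",".join(sorted(dhcp_servers)) or "nothing"
    for key, servers in static_entries:
        if set(servers.split(",")) != dhcp_servers:
            findings.append(Finding("static_dns", key,
                                    f"NameServer={servers} overrides DHCP ({offered})"))
    return findings


def count_kinds(findings: list[Finding]) -> dict[str, int]:
    """How many findings of each kind; handy for a quick summary line."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:20} {f.subject:60} {f.detail}")
```

Run it against a saved OTL.txt by swapping SAMPLE_OTL for the file's contents; every hit is a candidate for review, not an automatic verdict, which is why the helper still asks for the GMER log before concluding anything.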

#3
lyo laine
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you for your help. Here are the logs:
1. WVCheck log:
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1741_11-06-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-06-11 06:42:04
Last Success Time for Update Download: 2012-06-04 05:00:03
Last Success Time for Update Installation: 2012-06-04 06:06:25


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 25/2/2012 22:51:25
Modification; 20/11/2010 19:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 24/2/2012 23:43:38
Modification; 21/12/2010 12:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 6:36:22
Modification; 14/7/2009 8:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 24/2/2012 23:43:38
Modification; 21/12/2010 12:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 24/2/2012 23:43:38
Modification; 21/12/2010 12:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows.old\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 11/12/2010 1:15:59
Modification; 11/12/2010 1:15:59
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_7.1.7601.17514_none_f2c970338c7e34ee\slwga.dll
Size: 14336 bytes
Creation; 11/12/2010 1:15:59
Modification; 11/12/2010 1:15:59
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 34b7e222e81fafa885f0c5f2cfa56861


-------- End of File, program close at 1747_11-06-2012 --------
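Added example, not part of this thread, of OTL or of WVCheck: both the [resethosts] command in the OTL fix and WVCheck's "HOSTS File Check" above deal with the hosts file, so here is a Python check of the kind they perform. It parses a hosts file, treats loopback and 0.0.0.0 entries as normal, and reports names redirected anywhere else, redirected names on a watchlist of domains that should never be overridden (the list is an assumption for this example), entries hidden after long runs of blank lines, and several names funnelled to a single address. The hosts content is constructed for the example, using an RFC 5737 documentation address, and is not this machine's file.

```python
import ipaddress
from collections import Counter, defaultdict
from typing import NamedTuple


class HostsFinding(NamedTuple):
    kind: str
    line_no: int   # 0 when the finding spans several lines
    detail: str


# Assumed watchlist for this example: domains whose redirection in hosts points at
# tampering rather than ad-blocking (update servers, AV vendors, search engines).
WATCHLIST = ("microsoft.com", "windowsupdate.com", "avast.com", "avg.com",
             "bitdefender.com", "google.com")
PADDING_THRESHOLD = 50   # empty lines before an entry that we treat as an attempt to hide it
FAN_IN_THRESHOLD = 3     # names pointed at one non-local address

# Constructed sample (not taken from the machine in this thread): a normal header,
# then 200 empty lines, then redirections of three watchlist names to one address.
SAMPLE_HOSTS = (
    "# Constructed sample hosts file for this example\n"
    "#\t127.0.0.1       localhost\n"
    "127.0.0.1   localhost\n"
    + "\n" * 200 +
    "203.0.113.7   www.google.com\n"
    "203.0.113.7   update.microsoft.com\n"
    "203.0.113.7   www.avast.com\n"
    "0.0.0.0       ads.example.net\n"
)


def on_watchlist(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def check_hosts(text: str) -> list[HostsFinding]:
    """Return every hosts entry that redirects a name away from the real DNS answer."""
    findings: list[HostsFinding] = []
    names_by_ip: dict[str, list[str]] = defaultdict(list)
    blank_run = 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        padding, blank_run = blank_run, 0
        entry = raw.split("#", 1)[0].split()     # drop trailing comments
        if not entry:
            continue                             # comment-only line
        addr_text, *hosts = entry
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append(HostsFinding("unparsable", line_no, raw.strip()))
            continue
        if padding >= PADDING_THRESHOLD:
            findings.append(HostsFinding("hidden_after_padding", line_no,
                                         f"entry follows {padding} empty lines"))
        # Loopback (127/8, ::1) and the 0.0.0.0 sink are how hosts is normally used;
        # anything else silently sends the name to another machine.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for host in hosts:
            names_by_ip[str(addr)].append(host)
            kind = "redirect_watchlist" if on_watchlist(host) else "redirect"
            findings.append(HostsFinding(kind, line_no, f"{host} -> {addr}"))
    for ip, names in names_by_ip.items():
        if len(names) >= FAN_IN_THRESHOLD:
            findings.append(HostsFinding("fan_in", 0, f"{ip} receives {len(names)} names"))
    return findings


def count_kinds(findings: list[HostsFinding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in check_hosts(SAMPLE_HOSTS):
        print(f"{f.kind:22} line {f.line_no:<4} {f.detail}")
```

To run it on a real machine, read C:\Windows\System32\drivers\etc\hosts into the text argument (it needs no special privileges to read). A clean Windows 7 hosts file produces no findings, which is what the "found no bad lines" result above corresponds to.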

#4
lyo laine
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
2. OTL log:

========== OTL ==========
Error: No service named xhunter1 was found to stop!
Service\Driver key xhunter1 not found.
File C:\Windows\xhunter1.sys not found.
Error: No service named vtany was found to stop!
Service\Driver key vtany not found.
File C:\Windows\vtany.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ deleted successfully.
C:\Program Files\Hotspot_Shield\prxtbHots.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fdf9a4c-a452-11e1-9fb8-00269e936751}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fdf9a5d-a452-11e1-9fb8-00269e936751}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\SOFT\cmd.bat deleted successfully.
D:\SOFT\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.1 log created on 06112012_172102

#5
lyo laine
    New Member
  • Topic Starter
  • Member
  • Pip
  • 6 posts
3. GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-14 21:27:31
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2320BH_G2 rev.0084001C
Running: 645bg38u.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DC53DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DBB0A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8DC5485E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DC592E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DC59330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DC59422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DC59252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DC59374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DC5929A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DC593DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DC53E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DBB0B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DC53AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DC53E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DC56D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DC54B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DC5930E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DC59352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DC59446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DC59278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DC593AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DC592C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DC59400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DBB0CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DC549CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DC53EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DC53F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DC53B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DC53CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DC53C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DC53D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8DBB0D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DC53F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8DBB0BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DBC6D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82E7A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E9F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82EA6864 4 Bytes [F8, 3D, C5, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EA688C 4 Bytes [5A, 0A, BB, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82EA68EC 4 Bytes [5E, 48, C5, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82EA6940 8 Bytes [E4, 92, C5, 8D, 30, 93, C5, ...] {IN AL, 0x92; LDS ECX, DWORD [EBP-0x723a6cd0]}
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82EA694C 4 Bytes [22, 94, C5, 8D]
.text ...
.text win32k.sys!EngMultiByteToUnicodeN + 7220 82869839 5 Bytes JMP 8DC57536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwned + 8A2B 82880894 5 Bytes JMP 8DC5767C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + 7E89 8289DC71 5 Bytes JMP 8DC5773C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + C174 828A1F5C 5 Bytes JMP 8DC582EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 1C30 828B477D 5 Bytes JMP 8DC577FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3330 828B5E7D 5 Bytes JMP 8DC56F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4035 828B6B82 5 Bytes JMP 8DC580BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 6CB 828BB666 5 Bytes JMP 8DC5770C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 18AB 828BC846 5 Bytes JMP 8DC57562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAllocMem + 8FAF 828C7865 5 Bytes JMP 8DC57724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 79A7 828D8DA0 5 Bytes JMP 8DC56FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 868E 828D9A87 5 Bytes JMP 8DC56E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 927E 828DA677 5 Bytes JMP 8DC57384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + A65B 828F5509 5 Bytes JMP 8DC57F8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + CA10 828F78BE 5 Bytes JMP 8DC56D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 56E 82900F0D 5 Bytes JMP 8DC58036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 5230 82905BCF 5 Bytes JMP 8DC584F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 6119 82918F0A 5 Bytes JMP 8DC56E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 11685 82924476 5 Bytes JMP 8DC5807C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1AEC6 8292DCB7 5 Bytes JMP 8DC59544 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_bEnum + 9A22 8294144E 5 Bytes JMP 8DC572E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26C1 8294952C 5 Bytes JMP 8DC583A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 8295CFB0 5 Bytes JMP 8DC571AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 8296D315 5 Bytes JMP 8DC58450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EB5 829971FF 5 Bytes JMP 8DC570B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 1C88 8299B22A 5 Bytes JMP 8DC57104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + B31 8299DD8B 5 Bytes JMP 8DC577E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + C86 8299DEE0 5 Bytes JMP 8DC58232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + 6DAE 829A6C85 5 Bytes JMP 8DC56F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + A4AD 829AA384 5 Bytes JMP 8DC57248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[492] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[492] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[492] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[492] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[492] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[492] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[492] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00050600
.text C:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\services.exe[540] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\services.exe[540] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000A01F8
.text C:\Windows\system32\services.exe[540] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[556] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[564] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[564] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[764] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[764] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[764] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[764] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[764] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[764] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[764] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[764] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[804] user32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 002D0A08
.text C:\Windows\system32\svchost.exe[804] user32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 002D03FC
.text C:\Windows\system32\svchost.exe[804] user32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 002D0804
.text C:\Windows\system32\svchost.exe[804] user32.dll!SetWinEventHook 775D507E 5 Bytes JMP 002D01F8
.text C:\Windows\system32\svchost.exe[804] user32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 002D0600
.text C:\Windows\System32\svchost.exe[864] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[864] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[864] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[864] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[864] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[864] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[896] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[896] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[896] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00420A08
.text C:\Windows\System32\svchost.exe[896] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 004203FC
.text C:\Windows\System32\svchost.exe[896] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00420804
.text C:\Windows\System32\svchost.exe[896] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 004201F8
.text C:\Windows\System32\svchost.exe[896] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00420600
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00780A08
.text C:\Windows\system32\svchost.exe[936] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 007803FC
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00780804
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 007801F8
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00780600
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 005B0A08
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 005B03FC
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 005B0804
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 005B01F8
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 005B0600
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 002003FC
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00200804
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 002001F8
.text C:\Program Files\HitmanPro\hmpsched.exe[1108] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00670A08
.text C:\Windows\system32\svchost.exe[1140] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 006703FC
.text C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00670804
.text C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 006701F8
.text C:\Windows\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00670600
.text C:\645bg38u.exe[1188] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1240] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[1240] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[1240] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1240] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 000D0A08
.text C:\Windows\system32\winlogon.exe[1240] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 000D03FC
.text C:\Windows\system32\winlogon.exe[1240] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 000D0804
.text C:\Windows\system32\winlogon.exe[1240] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 000D01F8
.text C:\Windows\system32\winlogon.exe[1240] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 000D0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1272] kernel32.dll!SetUnhandledExceptionFilter 775330E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1412] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000A03FC
.text C:\Windows\System32\spoolsv.exe[1412] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000A01F8
.text C:\Windows\System32\spoolsv.exe[1412] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1412] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[1412] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[1412] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[1412] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[1412] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 004F0A08
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 004F03FC
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 004F0804
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 004F01F8
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 004F0600
.text C:\Windows\system32\nvvsvc.exe[1500] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[1500] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[1500] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1500] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[1500] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[1500] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[1500] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[1500] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1632] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00100600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001E03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 001E0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1664] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 001E0600
.text C:\ProgramData\DatacardService\DCService.exe[1692] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\ProgramData\DatacardService\DCService.exe[1692] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\ProgramData\DatacardService\DCService.exe[1692] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\ProgramData\DatacardService\DCService.exe[1692] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 001F0A08
.text C:\ProgramData\DatacardService\DCService.exe[1692] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001F03FC
.text C:\ProgramData\DatacardService\DCService.exe[1692] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 001F0804
.text C:\ProgramData\DatacardService\DCService.exe[1692] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001F01F8
.text C:\ProgramData\DatacardService\DCService.exe[1692] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001703FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001701F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 002103FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00210804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 002101F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1832] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00210600
.text C:\Windows\system32\wuauclt.exe[1928] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[1928] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000801F8
.text C:\Windows\system32\wuauclt.exe[1928] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[1928] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00110A08
.text C:\Windows\system32\wuauclt.exe[1928] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001103FC
.text C:\Windows\system32\wuauclt.exe[1928] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00110804
.text C:\Windows\system32\wuauclt.exe[1928] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001101F8
.text C:\Windows\system32\wuauclt.exe[1928] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00110600
.text C:\Windows\system32\ctfmon.exe[2068] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 002103FC
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00210804
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 002101F8
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2120] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00210600
.text C:\Windows\system32\Dwm.exe[2164] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2164] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2164] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2164] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2164] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[2164] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2164] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2164] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[2188] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[2188] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[2188] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\Explorer.EXE[2188] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[2188] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[2188] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[2188] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[2188] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00110600
.text C:\Windows\system32\taskhost.exe[2196] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2196] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2196] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2196] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00120A08
.text C:\Windows\system32\taskhost.exe[2196] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001203FC
.text C:\Windows\system32\taskhost.exe[2196] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00120804
.text C:\Windows\system32\taskhost.exe[2196] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001201F8
.text C:\Windows\system32\taskhost.exe[2196] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00120600
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 001F0A08
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001F03FC
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 001F0804
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001F01F8
.text C:\ProgramData\DatacardService\DCSHelper.exe[2300] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\UniKey\UniKey.exe[2436] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 000A03FC
.text C:\Program Files\UniKey\UniKey.exe[2436] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 000A01F8
.text C:\Program Files\UniKey\UniKey.exe[2436] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\UniKey\UniKey.exe[2436] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 00140A08
.text C:\Program Files\UniKey\UniKey.exe[2436] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001403FC
.text C:\Program Files\UniKey\UniKey.exe[2436] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 00140804
.text C:\Program Files\UniKey\UniKey.exe[2436] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001401F8
.text C:\Program Files\UniKey\UniKey.exe[2436] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 00140600
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] kernel32.dll!GetBinaryTypeW + 70 775478FC 1 Byte [62]
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] USER32.dll!UnhookWindowsHookEx 775CCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] USER32.dll!UnhookWinEvent 775CD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] USER32.dll!SetWindowsHookExW 775D210A 5 Bytes JMP 001F0804
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] USER32.dll!SetWinEventHook 775D507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Lenovo\Energy Management\utility.exe[2568] USER32.dll!SetWindowsHookExA 775F6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[2580] ntdll.dll!LdrUnloadDll 776EBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[2580] ntdll.dll!LdrLoadDll 776EF425 5 Bytes JMP 001601F8
  • 0

#6
lyo laine

    New Member

  • Topic Starter
  • Member
  • 6 posts
And about how I know they knew everything I do: I have a hobby of modelling and photography, and my pictures and everything I was working on got leaked out even though I'm the one keeping the memory cards all the time and I did not upload them anywhere. Every conversation between me and my friends on Yahoo and Skype also got leaked out.
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's see what else is hiding on your system.

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the Report tab (the last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Step 2

Please don't forget to include these items in your reply:

  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Are you still with me? Did you manage to do the VRT scan?
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0