Slow PC, hangs during reboot


  • This topic is locked
6 replies to this topic

#1 ladyixnay

  • Authentic Member
  • 87 posts

Posted 05 October 2011 - 09:11 PM

PC running slowly, and when I try to restart my pc it hangs on the intel screen and I end up having to hold the power button to shut down. When I shut down it restarts fine. Posting a couple logs and if you can let me know if something is wrong it would be much appreciated, thanks :-)

DDS (Ver_10-12-12.02) - NTFSx86
Run by Amy at 23:05:58.93 on Wed 10/05/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1250 [GMT -4:00]
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSBuild\Mozilla Firefox\firefox.exe
C:\Program Files\MSBuild\Mozilla Firefox\plugin-container.exe
C:\Users\Amy\Desktop\AMY\SCANS\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://amyost.homestead.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {28AB4157-57D1-4951-820D-BE2B23AC05C4} = 68.28.154.91 68.28.146.91
============= SERVICES / DRIVERS ===============
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-27 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-26 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-26 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-26 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-7 44768]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-17 2214504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-7 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2010-12-15 124224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-7 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-20 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-22 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
=============== Created Last 30 ================
==================== Find3M ====================
2011-09-25 00:18:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
============= FINISH: 23:07:03.37 ===============
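The lines in the DDS log above that matter most for security triage are the AV/SP status lines and the mPolicies-system values: EnableLUA = 0 means User Account Control is switched off entirely, so everything the (administrator) user runs is already fully elevated, and both security products are reported as Disabled. The following Python 3 script is an added example, not part of the original post and not DDS's own code. It pulls those lines out of a DDS log and lists the weakened protections an analyst would want to point out in a reply. The sample input is copied from the log above; the regular expressions and the expected policy values are assumptions about the DDS output format and Windows 7 defaults, not anything DDS documents.

```python
import re

# Constructed sample: the AV/SP status and UAC policy lines copied from the DDS
# log above, which are the ones this triage looks at (the rest of a DDS log is ignored).
SAMPLE_DDS = """\
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# "AV: <product> *<state>/<signatures>* {<GUID>}" as DDS prints it (SP = antispyware, FW = firewall);
# the pattern is an assumption about the format, derived from the log above
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
# "mPolicies-system: <ValueName> = <decimal> (<hex>)" for the HKLM ...\Policies\System values
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+) \(0x[0-9A-Fa-f]+\)$")


def parse_products(text):
    """Return one dict per AV/SP/FW status line."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, sigs = m.groups()
            products.append({"kind": kind, "name": name, "state": state, "signatures": sigs})
    return products


def parse_uac_policies(text):
    """Return {value_name: int} for every mPolicies-system line."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def triage(text):
    """Return a list of findings (short strings) about weakened protections."""
    findings = []
    for p in parse_products(text):
        label = f'{p["kind"]} {p["name"]}'
        if p["state"].lower() == "disabled":
            # DDS reports what Security Center says; confirm against the running-process list
            findings.append(f"{label}: reported as Disabled")
        if p["signatures"].lower() == "outdated":
            findings.append(f"{label}: definitions reported as Outdated")
    pol = parse_uac_policies(text)
    if pol.get("EnableLUA") == 0:
        # With LUA off the remaining UAC values are irrelevant: nothing is ever prompted
        findings.append("UAC disabled (EnableLUA=0): admin processes run fully elevated, no prompts")
    else:
        if pol.get("ConsentPromptBehaviorAdmin") == 0:
            findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
        if pol.get("PromptOnSecureDesktop") == 0:
            findings.append("PromptOnSecureDesktop=0: prompts appear on the normal desktop, "
                            "where other programs can interact with them")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("-", finding)
```

On the log above this reports five findings: three products reported as Disabled, Windows Defender's definitions Outdated, and UAC off. Whether avast is really off or Security Center is mis-reporting is something to confirm against the process list (AvastSvc.exe and AvastUI.exe are both running), which is why the script only says "reported as".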



#2 patndoris

  • SuperMember
  • Malware Team
  • 2,593 posts

Posted 09 October 2011 - 06:34 PM

Hello

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!



Download and Run GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Right-click and choose Run as Administrator on GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one - make sure it is UNCHECKED)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.





This scan may take a while depending on how many items are on the computer. You may want to run it at a time when you won't be needing the machine. It should be run from IE, and I'd recommend not doing anything else while it's running.


http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
A new window will appear asking "Do you want to install this software?".
Answer Yes to download and install the ActiveX control that allows the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software, just close the window.
Wait for the scan to finish.
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate
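The caution above about GMER false positives comes down to one question per hook: which module owns it? GMER prints the owning driver and its description for every SSDT hook and kernel patch it can attribute, and for user-mode hooks the process and the hooked export. The Python 3 script below is an added example, not part of this thread and not GMER's own code. It splits a GMER log into its System, Kernel code and User code sections and summarises hooks by owner, so that the ones GMER could not attribute to any module, and any symbol hooked identically in every process, stand out for manual review. The sample input is constructed in GMER's format from the log posted later in this thread; the EXAMPLE_unattributed.sys line and its address are invented to exercise the unattributed case, and the regular expressions are assumptions about GMER's output format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in GMER's output format, modelled on the log posted later in
# this thread. The EXAMPLE_unattributed.sys line (and its address) is invented to
# show an SSDT hook GMER cannot tie to a known module.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E835374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EF552B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E835162]
SSDT \??\C:\Windows\system32\drivers\EXAMPLE_unattributed.sys ZwOpenProcess [0x8E900000]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83A42349 1 Byte [06]
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83C0FBE8 5 Bytes JMP 8EF663DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\services.exe[496] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# SSDT <module> [(description/vendor)] <function> [0x<address>]
SSDT_RE = re.compile(r"^SSDT (\S+)(?: \((.+?)\))? (\w+) \[0x([0-9A-Fa-f]+)\]$")
# <section> <image!symbol>[ + <offset>] <address> <n> Byte(s) <whatever GMER printed after>
KPATCH_RE = re.compile(r"^(\.text|PAGE|INIT) (\S+?!\S+)(?: \+ [0-9A-Fa-f]+)? ([0-9A-Fa-f]{8}) (\d+) Bytes? (.*)$")
# .text <process path>[<pid>] <dll!export> ...
USER_RE = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+!\S+)")
VENDOR_RE = re.compile(r"\((.+?)/(.+?)\)\s*$")


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, kernel code patches and user-mode hooks."""
    section = None
    ssdt, kpatches, user = [], [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line:
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                module, desc, func, addr = m.groups()
                vendor = desc.rsplit("/", 1)[-1] if desc else None
                ssdt.append({"module": module, "vendor": vendor, "function": func, "address": addr})
        elif section == "Kernel code sections":
            m = KPATCH_RE.match(line)
            if m:
                _sec, symbol, addr, size, tail = m.groups()
                v = VENDOR_RE.search(tail)
                kpatches.append({"symbol": symbol, "address": addr, "size": int(size),
                                 "vendor": v.group(2) if v else None})
        elif section == "User code sections":
            m = USER_RE.match(line)
            if m:
                user.append({"process": m.group(1), "pid": int(m.group(2)), "symbol": m.group(3)})
    return {"ssdt": ssdt, "kernel_patches": kpatches, "user_hooks": user}


def summarize(parsed):
    """Group hooks by owner so the ones worth a second look stand out."""
    ssdt_by_vendor = Counter(h["vendor"] or "UNATTRIBUTED" for h in parsed["ssdt"])
    unattributed_ssdt = [h for h in parsed["ssdt"] if h["vendor"] is None]
    unattributed_kernel = [p for p in parsed["kernel_patches"] if p["vendor"] is None]
    symbols_by_proc = defaultdict(set)
    for h in parsed["user_hooks"]:
        symbols_by_proc[(h["process"], h["pid"])].add(h["symbol"])
    # A symbol hooked identically in every process is normally one library injected
    # system-wide (an AV or sandbox shim), not per-process tampering
    everywhere = set.intersection(*symbols_by_proc.values()) if symbols_by_proc else set()
    return {
        "ssdt_by_vendor": dict(ssdt_by_vendor),
        "unattributed_ssdt": unattributed_ssdt,
        "unattributed_kernel_patches": unattributed_kernel,
        "user_hooks_per_process": {k: len(v) for k, v in symbols_by_proc.items()},
        "symbols_hooked_everywhere": everywhere,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_gmer(SAMPLE_GMER)).items():
        print(f"{key}: {value}")
```

Run against the real GMER log in this thread, every SSDT entry lands under AVAST Software, the kernel patches with no owner are the small byte patches GMER shows for ntkrnlpa.exe and kernel32.dll, and the same ntdll/USER32 exports are hooked in every listed process, which is the pattern of a system-wide AV shim rather than a rootkit. The script does not decide that for you; it only sorts the entries so the reviewer's attention goes to the unattributed ones first.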

#3 ladyixnay

  • Authentic Member
  • 87 posts

Posted 12 October 2011 - 10:43 AM

Eset appears to be clean.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 04:02:06
# local_time=2011-10-12 12:02:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26690148 26690148 0 0
# compatibility_mode=1024 16777215 100 0 26607851 26607851 0 0
# compatibility_mode=5893 16776574 100 94 11576482 69935124 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=28649
# found=0
# cleaned=0
# scan_time=1793
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 05:06:03
# local_time=2011-10-12 01:06:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26692327 26692327 0 0
# compatibility_mode=1024 16777215 100 0 26613630 26613630 0 0
# compatibility_mode=5893 16776574 100 94 11578661 69937303 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=28633
# found=0
# cleaned=0
# scan_time=3451
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 05:11:54
# local_time=2011-10-12 01:11:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26696129 26696129 0 0
# compatibility_mode=1024 16777215 100 0 26613832 26613832 0 0
# compatibility_mode=5893 16776574 100 94 11582463 69941105 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=26
# found=0
# cleaned=0
# scan_time=20
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 06:52:55
# local_time=2011-10-12 02:52:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26696349 26696349 0 0
# compatibility_mode=1024 16777215 100 0 26614052 26614052 0 0
# compatibility_mode=5893 16776574 100 94 11582683 69941325 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106371
# found=0
# cleaned=0
# scan_time=5840


GMER...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-11 07:27:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 WDC_WD800JD-00LSA0 rev.06.01D06
Running: gmer.exe; Driver: C:\Users\Amy\AppData\Local\Temp\uwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E835374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EF552B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E837996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E8379EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E837B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E8378EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E837A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E837940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E837AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E835398]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8EF55368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E835162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E8353BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E837EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E835E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E8379C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E837A16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E837B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E837918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E837A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E83796E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E837ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8EF55400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E835D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E8353E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E835404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E8351BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E8352F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E8352D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E83531C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E835428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EF6A9A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83A42349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83A7BD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83A82D80 4 Bytes [74, 53, 83, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83A82DA8 4 Bytes [B8, 52, F5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83A82E5C 8 Bytes [96, 79, 83, 8E, EE, 79, 83, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83A82E68 4 Bytes [04, 7B, 83, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83A82E84 4 Bytes [EC, 78, 83, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83C0FBE8 5 Bytes JMP 8EF663DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83C281B8 5 Bytes JMP 8EF67E9C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83C3D2FF 4 Bytes CALL 8E8364C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83C570D1 4 Bytes CALL 8E8364DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83CE0F10 7 Bytes JMP 8EF6A9AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes [E9, 0A, 5C, 1E, 89] {JMP 0xffffffff891e5c0f}
.text user32.dll!UnhookWinEvent 7703B750 5 Bytes [E9, A7, 4C, 1E, 89] {JMP 0xffffffff891e4cac}
.text user32.dll!SetWindowsHookExW 7703E30C 5 Bytes [E9, F3, 24, 1E, 89] {JMP 0xffffffff891e24f8}
.text user32.dll!SetWinEventHook 770424DC 5 Bytes [E9, 17, DD, 1D, 89] {JMP 0xffffffff891ddd1c}
.text user32.dll!SetWindowsHookExA 77066D0C 5 Bytes [E9, EF, 98, 1B, 89] {JMP 0xffffffff891b98f4}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00210600
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001501F8
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001E03FC
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001E0804
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001E01F8
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001E0600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001903FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00190804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001901F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00190600
.text C:\Windows\system32\csrss.exe[392] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[448] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00220A08
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002203FC
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00220804
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002201F8
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00220600
.text C:\Windows\system32\services.exe[496] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[496] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[496] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[516] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[516] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[516] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[528] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[528] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[528] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[568] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[568] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[568] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[772] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[772] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[772] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00360A08
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003603FC
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00360804
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003601F8
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00360600
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00EC0A08
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 00EC03FC
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00EC0804
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 00EC01F8
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00EC0600
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 003B0A08
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003B03FC
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 003B0804
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003B01F8
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 003B0600
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\nvvsvc.exe[1236] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[1236] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[1236] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 003F0A08
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003F03FC
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 003F0804
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003F01F8
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 003F0600
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00570A08
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 005703FC
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00570804
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 005701F8
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00570600
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1548] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\Dwm.exe[1588] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1588] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1588] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\taskhost.exe[1608] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1608] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1608] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1616] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000A0A08
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000A03FC
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000A0804
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000A01F8
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000A0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 773BF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1656] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 004B0A08
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 004B03FC
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 004B0804
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 004B01F8
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 004B0600
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001803FC
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00180804
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001801F8
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00180600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1960] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003003FC
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00300804
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003001F8
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00300600
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2312] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2680] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[2680] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[2680] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00240A08
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002403FC
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00240804
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002401F8
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00240600
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002103FC
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00210804
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002101F8
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00210600
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2916] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00260600
.text C:\Windows\System32\alg.exe[2956] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\alg.exe[2956] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\alg.exe[2956] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\alg.exe[2956] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\alg.exe[2956] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\alg.exe[2956] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\alg.exe[2956] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\alg.exe[2956] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[3032] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3032] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3032] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00260600
.text C:\Windows\system32\WUDFHost.exe[3188] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\WUDFHost.exe[3188] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\WUDFHost.exe[3188] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000D0A08
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000D03FC
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000D0804
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000D01F8
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000D0600
.text C:\Windows\System32\svchost.exe[3296] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3296] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3296] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001701F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\wbem\unsecapp.exe[3952] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\unsecapp.exe[3952] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\unsecapp.exe[3952] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#4 patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 12 October 2011 - 03:14 PM

When you ran DDS, was there an attach.txt file saved on your desktop? Can you please copy and paste the contents of that log?

I'm not seeing any malware, but there will be some error logs I can see in the attach.txt log that might help us out or at least point us in the right direction.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#5 ladyixnay

    Authentic Member

  • Authentic Member
  • 87 posts

Posted 12 October 2011 - 05:29 PM

Sorry about that, I did not see it from when I ran it the first time, so I ran it again now, hope that is okay.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/3/2010 2:13:53 PM
System Uptime: 10/12/2011 12:53:54 PM (7 hours ago)

Motherboard: Intel Corporation | | D925XCV
Processor: Intel® Pentium® 4 CPU 3.00GHz | J3E1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 24.556 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ACPI\IFX0101\1
Manufacturer:
Name:
PNP Device ID: ACPI\IFX0101\1
Service:

==== System Restore Points ===================

RP165: 10/9/2011 9:26:12 AM - Windows Update

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
AI RoboForm (All Users)
AIM 7
Apple Application Support
Apple Software Update
avast! Free Antivirus
CCleaner
Defraggler
DirectX Media Runtime 5.1
ESET Online Scanner v3
Google Chrome
Google Earth Plug-in
Google Update Helper
HP Deskjet 1000 J110 series Basic Device Software
IncrediMail
IncrediMail 2.0
InstallVC90Support
Java Auto Updater
Java™ 6 Update 26
Lottso! Deluxe
Malwarebytes' Anti-Malware version 1.51.2.1300
Merriam-Webster's Reference Library
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.3.5
NVIDIA Update Components
Photo Notifier and Animation Creator
PVSonyDll
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Sprint SmartView
Spybot - Search & Destroy
SUPERAntiSpyware
System Requirements Lab
The Weather Channel Toolbar
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WeatherBug
WinRAR archiver
WowAceUpdater

==== Event Viewer Messages From Past Week ========

10/9/2011 6:53:17 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/5/2011 9:27:42 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/12/2011 12:54:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/11/2011 3:17:02 AM, Error: RasMan [20276] - CoId={58203E56-4024-4538-BD61-DCD3ED3A97F1}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM37 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
10/11/2011 11:05:10 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

==== End Of File ===========================

#6 patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 13 October 2011 - 03:57 PM

It looks like you may be having some memory errors. Since this isn't my area of expertise, I'd like to refer you to our Windows Forum for additional help. When posting there, please feel free to include a link to this post in case they need to see any information contained in the logs.
~Doris~

#7 ladyixnay

    Authentic Member

  • Authentic Member
  • 87 posts

Posted 13 October 2011 - 08:36 PM

Well thanks so much for your help, and I will try the windows forum :-D
