Solved Tdx.sys infected (Windows 7 Pro) cannot connect to Internet

Ryanmon99

Avast scanned and I moved tdx.sys to chest. Next startup Windows Restore installed and no internet access (connect to network but no internet access).
I ran ComboFix. Log states that tdx.sys infected. Windows Restore and popups gone.
Ran Malwarebytes: nothing.
EDIT: TDSSKiller: nothing.

Logs to follow...

Thanks in advance!
 
Combo Fix

ComboFix 11-11-09.01 - Ryan 11/10/2011 0:35.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1173 [GMT -8:00]
Running from: I:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\shfscp.dat
c:\programdata\haYmxJzJarJdVt.exe
c:\programdata\HygiitgmpfdQHsG.exe
c:\users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\$NtUninstallKB52242$
c:\windows\$NtUninstallKB52242$\354499486
c:\windows\$NtUninstallKB52242$\3607894814\Desktop.ini
.
c:\windows\system32\drivers\tdx.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 09:04 . 2011-11-10 09:06 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2011-11-10 09:04 . 2011-11-10 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 08:39 . 2011-11-10 08:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910EA4BF-0BF3-42BF-A195-3BAA38F40F04}\offreg.dll
2011-11-09 06:35 . 2011-11-09 06:36 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-09 05:49 . 2011-11-09 05:50 -------- d--h--w- c:\users\Ryan\AppData\Roaming\Mozilla-Cache
2011-11-09 05:47 . 2011-11-09 05:47 -------- d-----w- C:\Programs
2011-11-09 03:10 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:10 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 03:10 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 03:07 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910EA4BF-0BF3-42BF-A195-3BAA38F40F04}\mpengine.dll
2011-10-15 20:47 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-15 20:47 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 20:47 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-15 20:47 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\program files\iPod
2011-10-15 20:09 . 2011-10-15 20:09 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 20:20 . 2011-06-11 01:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 03:42 . 2011-08-22 03:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-08-22 03:42 . 2011-08-22 03:42 126976 ----a-w- c:\windows\War3Unin.exe
2011-11-05 06:53 . 2011-04-13 05:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"googletalk"="c:\users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MusicManager"="c:\users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-09-29 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-06-18 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-25 436792]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 ccXgui;ccXgui;c:\program files\ccxgui\ccXservice.exe [2004-04-23 173568]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-27 00:22]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 18:49]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 18:49]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148415063-2950945713-2109174141-1000Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 03:20]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148415063-2950945713-2109174141-1000UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 03:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\pp9zcygj.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.us.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-HygiitgmpfdQHsG.exe - c:\programdata\HygiitgmpfdQHsG.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3236)
c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-11-10 01:22:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 09:22
.
Pre-Run: 4,349,894,656 bytes free
Post-Run: 5,066,555,392 bytes free
.
- - End Of File - - 2E06E2386BDC6B1B6E1698C897528BE4
 
mbam log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/10/2011 12:07:24 PM
mbam-log-2011-11-10 (12-07-24).txt

Scan type: Quick scan
Objects scanned: 164436
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-10 13:27:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC3BP
Running: rnmk5gkv.exe; Driver: C:\Users\Ryan\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E226202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E8FCCB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E22881C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E228874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E22898A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E228772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E2288C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E2287C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E228938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E226226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E8FCD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E225FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E22624A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E228D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E226CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E22884C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E22889C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E2289B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E22879E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E228904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E2287F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E228962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E8FCDFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E226BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E22626E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E226292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E22604A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E226186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E226162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E2261AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E2262B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E912902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A86349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82AC6D80 4 Bytes [02, 62, 22, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82AC6DA8 4 Bytes [B2, CC, 8F, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82AC6E5C 8 Bytes [1C, 88, 22, 8E, 74, 88, 22, ...] {SBB AL, 0x88; AND CL, [ESI-0x71dd778c]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82AC6E68 4 Bytes [8A, 89, 22, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82AC6E84 4 Bytes [72, 87, 22, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C53BE8 5 Bytes JMP 8E90E2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82C6C1B8 5 Bytes JMP 8E90FD74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C812FF 4 Bytes CALL 8E22734B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82C9B0D1 4 Bytes CALL 8E227361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D24F10 7 Bytes JMP 8E912906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text sptd.sys 888AF000 8 Bytes [34, E2, A1, 82, A0, 47, A1, ...]
.text sptd.sys 888AF009 23 Bytes [47, A1, 82, 48, 6B, A1, 82, ...]
.text sptd.sys 888AF024 4 Bytes [44, E5, 9D, 88]
.text sptd.sys 888AF02C 100 Bytes [39, D6, CA, 82, 48, 99, C2, ...]
.text sptd.sys 888AF091 87 Bytes [45, A8, 82, 15, F5, A7, 82, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x889A6D38]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8E9A3DB9 5 Bytes JMP 85A5E410
.text ayfuhx4w.SYS 94D95000 12 Bytes [44, 68, A1, 82, EE, 66, A1, ...]
.text ayfuhx4w.SYS 94D9500D 189 Bytes [47, A1, 82, 48, 6B, A1, 82, ...]
.text ayfuhx4w.SYS 94D950CB 285 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ayfuhx4w.SYS 94D951E9 470 Bytes [F8, 5C, 3A, 5E, 7C, 5F, BE, ...]
.text ayfuhx4w.SYS 94D953C0 99 Bytes [57, 80, 56, 30, 54, E0, 55, ...]
.text ...
.text peauth.sys AF161C9D 28 Bytes [44, CE, 65, D4, E8, C5, 2F, ...]
.text peauth.sys AF161CC1 28 Bytes [44, CE, 65, D4, E8, C5, 2F, ...]
.text user32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes [E9, 0A, 5C, 6E, 8A] {JMP 0xffffffff8a6e5c0f}
.text user32.dll!UnhookWinEvent 75B4B750 5 Bytes [E9, A7, 4C, 6E, 8A] {JMP 0xffffffff8a6e4cac}
.text user32.dll!SetWindowsHookExW 75B4E30C 5 Bytes [E9, F3, 24, 6E, 8A] {JMP 0xffffffff8a6e24f8}
.text user32.dll!SetWinEventHook 75B524DC 5 Bytes [E9, 17, DD, 6D, 8A] {JMP 0xffffffff8a6ddd1c}
.text user32.dll!SetWindowsHookExA 75B76D0C 5 Bytes [E9, EF, 98, 6B, 8A] {JMP 0xffffffff8a6b98f4}
.text kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[460] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[460] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[460] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[460] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001C0A08
.text C:\Windows\system32\wininit.exe[460] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001C03FC
.text C:\Windows\system32\wininit.exe[460] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001C0804
.text C:\Windows\system32\wininit.exe[460] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001C01F8
.text C:\Windows\system32\wininit.exe[460] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001C0600
.text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\services.exe[520] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[520] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[520] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[544] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[544] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[544] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[544] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[544] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[544] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[544] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[544] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\lsass.exe[564] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[564] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000F03FC
.text C:\Windows\system32\lsm.exe[580] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000F01F8
.text C:\Windows\system32\lsm.exe[580] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[668] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[676] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[676] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[676] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[764] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[764] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[764] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[856] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[856] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[856] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[856] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00230A08
.text C:\Windows\System32\svchost.exe[856] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002303FC
.text C:\Windows\System32\svchost.exe[856] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00230804
.text C:\Windows\System32\svchost.exe[856] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002301F8
.text C:\Windows\System32\svchost.exe[856] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00230600
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00350A08
.text C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 003503FC
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00350804
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 003501F8
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00350600
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00A20A08
.text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 00A203FC
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00A20804
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 00A201F8
.text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00A20600
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 003C0A08
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 003C03FC
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 003C0804
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 003C01F8
.text C:\Windows\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 003C0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1248] kernel32.dll!SetUnhandledExceptionFilter 759FF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1248] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1340] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1340] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1340] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1340] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[1340] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[1340] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[1340] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[1340] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[1364] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1364] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1364] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1364] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[1364] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[1364] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[1364] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[1364] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00110600
.text C:\Program Files\Apoint\Apoint.exe[1516] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint\Apoint.exe[1516] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint\Apoint.exe[1516] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Apoint\Apoint.exe[1516] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00170A08
.text C:\Program Files\Apoint\Apoint.exe[1516] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001703FC
.text C:\Program Files\Apoint\Apoint.exe[1516] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00170804
.text C:\Program Files\Apoint\Apoint.exe[1516] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001701F8
.text C:\Program Files\Apoint\Apoint.exe[1516] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxtray.exe[1528] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[1528] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[1528] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[1528] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxtray.exe[1528] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxtray.exe[1528] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxtray.exe[1528] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxtray.exe[1528] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\hkcmd.exe[1536] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[1536] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[1536] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[1536] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[1536] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[1536] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[1536] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[1536] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[1548] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[1548] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[1548] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[1548] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxpers.exe[1548] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxpers.exe[1548] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxpers.exe[1548] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[1548] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00190600
.text C:\Windows\system32\igfxsrvc.exe[1620] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[1620] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[1620] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[1620] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxsrvc.exe[1620] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxsrvc.exe[1620] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxsrvc.exe[1620] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxsrvc.exe[1620] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1680] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1720] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000A03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000A01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001403FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00140804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001401F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[1728] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[1752] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[1752] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[1752] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1752] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00390A08
.text C:\Windows\System32\svchost.exe[1752] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 003903FC
.text C:\Windows\System32\svchost.exe[1752] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00390804
.text C:\Windows\System32\svchost.exe[1752] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 003901F8
.text C:\Windows\System32\svchost.exe[1752] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00390600
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001103FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00110804
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1756] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00110600
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 002F0A08
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002F03FC
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 002F0804
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002F01F8
.text C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe[1768] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 002F0600
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 003003FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00300804
.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] USER32.dll!SetWinEventHook
 
GMER Log 2

.text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1836] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00300600
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe[1880] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1908] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00200600
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[1972] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001F0A08
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001F03FC
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001F0804
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001F01F8
.text C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe[2012] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\spoolsv.exe[2140] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[2140] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[2140] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2140] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[2140] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[2140] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[2140] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[2140] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[2180] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[2180] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[2180] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2180] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 003E0A08
.text C:\Windows\system32\svchost.exe[2180] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 003E03FC
.text C:\Windows\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 003E0804
.text C:\Windows\system32\svchost.exe[2180] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 003E01F8
.text C:\Windows\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 003E0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2228] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\taskhost.exe[2240] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2240] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2240] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2240] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[2240] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[2240] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[2240] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[2240] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2308] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2308] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2308] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2308] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00900A08
.text C:\Windows\System32\svchost.exe[2308] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 009003FC
.text C:\Windows\System32\svchost.exe[2308] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00900804
.text C:\Windows\System32\svchost.exe[2308] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 009001F8
.text C:\Windows\System32\svchost.exe[2308] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00900600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001501F8
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001E03FC
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001E0804
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001E01F8
.text C:\Program Files\AskBarDis\bar\bin\AskService.exe[2464] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001E0600
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001501F8
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001E03FC
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001E0804
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001E01F8
.text C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe[2512] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001E0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2564] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\ccxgui\ccXservice.exe[2648] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\ccxgui\ccXservice.exe[2648] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001501F8
.text C:\Program Files\ccxgui\ccXservice.exe[2648] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\ccxgui\ccXservice.exe[2648] user32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\ccxgui\ccXservice.exe[2648] user32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001F03FC
.text C:\Program Files\ccxgui\ccXservice.exe[2648] user32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001F0804
.text C:\Program Files\ccxgui\ccXservice.exe[2648] user32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001F01F8
.text C:\Program Files\ccxgui\ccXservice.exe[2648] user32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[2704] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[2704] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[2704] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 005B0A08
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 005B03FC
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 005B0804
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 005B01F8
.text C:\Windows\system32\svchost.exe[2704] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 005B0600
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002003FC
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00200804
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2744] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00200600
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2792] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000503FC
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000501F8
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2896] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 000F0600
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00230A08
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002303FC
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00230804
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002301F8
.text C:\Users\Ryan\Desktop\rnmk5gkv.exe[2904] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00230600
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2916] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2948] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2948] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2948] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002003FC
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00200804
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002001F8
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3004] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00200600
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3036] KERNEL32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3308] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3308] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3308] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Program Files\iPod\bin\iPodService.exe[3400] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\iPod\bin\iPodService.exe[3400] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000601F8
.text C:\Program Files\iPod\bin\iPodService.exe[3400] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3400] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\iPod\bin\iPodService.exe[3400] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 002003FC
.text C:\Program Files\iPod\bin\iPodService.exe[3400] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00200804
.text C:\Program Files\iPod\bin\iPodService.exe[3400] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 002001F8
.text C:\Program Files\iPod\bin\iPodService.exe[3400] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\AUDIODG.EXE[3500] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3520] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\WUDFHost.exe[3520] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\WUDFHost.exe[3520] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3520] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\WUDFHost.exe[3520] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\WUDFHost.exe[3520] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\WUDFHost.exe[3520] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\WUDFHost.exe[3520] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00140600
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Apoint\ApMsgFwd.exe[3768] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Apoint\Apntex.exe[3800] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint\Apntex.exe[3800] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint\Apntex.exe[3800] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Program Files\Apoint\Apntex.exe[3800] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00170A08
.text C:\Program Files\Apoint\Apntex.exe[3800] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001703FC
.text C:\Program Files\Apoint\Apntex.exe[3800] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00170804
.text C:\Program Files\Apoint\Apntex.exe[3800] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001701F8
.text C:\Program Files\Apoint\Apntex.exe[3800] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00170600
.text C:\Windows\system32\conhost.exe[3820] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000703FC
.text C:\Windows\system32\conhost.exe[3820] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000701F8
.text C:\Windows\system32\conhost.exe[3820] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\conhost.exe[3820] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\conhost.exe[3820] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\conhost.exe[3820] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\conhost.exe[3820] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\conhost.exe[3820] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchProtocolHost.exe[3900] ntdll.dll!LdrUnloadDll 773AC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchProtocolHost.exe[3900] ntdll.dll!LdrLoadDll 773B22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchProtocolHost.exe[3900] kernel32.dll!GetBinaryTypeW + 70 75A169F4 1 Byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[3900] USER32.dll!UnhookWindowsHookEx 75B4ADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\SearchProtocolHost.exe[3900] USER32.dll!UnhookWinEvent 75B4B750 5 Bytes JMP 001303FC
.text C:\Windows\system32\SearchProtocolHost.exe[3900] USER32.dll!SetWindowsHookExW 75B4E30C 5 Bytes JMP 00130804
.text C:\Windows\system32\SearchProtocolHost.exe[3900] USER32.dll!SetWinEventHook 75B524DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\SearchProtocolHost.exe[3900] USER32.dll!SetWindowsHookExA 75B76D0C 5 Bytes JMP 00130600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [888B00C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [888B0FE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [888B0574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [888B11BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [888B0362] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\ayfuhx4w.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 1456B60F

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84A591F8
Device \FileSystem\fastfat \FatCdrom 87FB01F8
Device \Driver\usbuhci \Device\USBPDO-0 85BDD430
Device \Driver\usbuhci \Device\USBPDO-1 85BDD430
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 85BD91F8
Device \Driver\usbuhci \Device\USBPDO-3 85BDD430
Device \Driver\usbuhci \Device\USBPDO-4 85BDD430
Device \Driver\usbuhci \Device\USBPDO-5 85BDD430
Device \Driver\usbehci \Device\USBPDO-6 85BD91F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85A9F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84A561F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84A561F8
Device \Driver\atapi \Device\Ide\IdePort0 84A561F8
Device \Driver\atapi \Device\Ide\IdePort1 84A561F8
Device \Driver\atapi \Device\Ide\IdePort2 84A561F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84A571F8
Device \Driver\cdrom \Device\CdRom1 85A9F1F8
 
GMER Log 3

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 85A9F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000079 85ABC1F8
Device \Driver\PCI_PNP0965 \Device\0000005c sptd.sys
Device \Driver\PCI_PNP0965 \Device\0000005c sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 85BDD430
Device \Driver\USBSTOR \Device\0000007a 85ABC1F8
Device \Driver\usbuhci \Device\USBFDO-1 85BDD430
Device \Driver\usbehci \Device\USBFDO-2 85BD91F8
Device \Driver\usbuhci \Device\USBFDO-3 85BDD430
Device \Driver\usbuhci \Device\USBFDO-4 85BDD430
Device \Driver\usbuhci \Device\USBFDO-5 85BDD430
Device \Driver\usbehci \Device\USBFDO-6 85BD91F8
Device \Driver\ayfuhx4w \Device\Scsi\ayfuhx4w1Port3Path0Target0Lun0 85CF81F8
Device \Driver\ayfuhx4w \Device\Scsi\ayfuhx4w1Port3Path0Target1Lun0 85CF81F8
Device \Driver\ayfuhx4w \Device\Scsi\ayfuhx4w1 85CF81F8
Device \FileSystem\fastfat \Fat 87FB01F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x93 0xE1 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBF 0x64 0xFF 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xFE 0x39 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE6 0x9F 0xAD 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC4 0x93 0xE1 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBF 0x64 0xFF 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xFE 0x39 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xE6 0x9F 0xAD 0x51 ...

---- EOF - GMER 1.0.15 ----
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Ryan at 13:28:48 on 2011-11-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.855 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ccxgui\ccXservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost;127.0.0.1;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [googletalk] c:\users\ryan\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [MusicManager] "c:\users\ryan\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\ryan\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ryan\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\users\ryan\desktop\PartyPoker.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
TCP: Interfaces\{14138B5B-41F7-4F66-ACE8-B498610B0014} : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{332725B6-F2FD-4668-9941-9E98FBC250DC} : DhcpNameServer = 192.168.1.254 199.185.220.254
TCP: Interfaces\{332725B6-F2FD-4668-9941-9E98FBC250DC}\142696A716465686 : DhcpNameServer = 216.19.176.6 216.19.176.7
TCP: Interfaces\{332725B6-F2FD-4668-9941-9E98FBC250DC}\2456C6B696E6E233646454 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{332725B6-F2FD-4668-9941-9E98FBC250DC}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{332725B6-F2FD-4668-9941-9E98FBC250DC}\C696E6B6379737 : DhcpNameServer = 24.196.64.53 24.196.64.52
TCP: Interfaces\{7EE372DB-69EB-4749-8669-9E0168E1E4D0} : DhcpNameServer = 64.71.255.198 64.71.255.253
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\pp9zcygj.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.us.yahoo.com/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ryan\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ryan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ryan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-27 307928]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-12-27 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-12-27 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-27 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-5-10 42184]
R2 ccXgui;ccXgui;c:\program files\ccxgui\ccXservice.exe [2004-4-23 173568]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-10 366152]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-10 22216]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2009-12-28 812544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-3-24 271408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
.
=============== Created Last 30 ================
.
2011-11-10 20:01:11 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{910ea4bf-0bf3-42bf-a195-3baa38f40f04}\offreg.dll
2011-11-10 19:59:24 -------- d-----w- c:\users\ryan\appdata\roaming\Malwarebytes
2011-11-10 19:59:18 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 19:59:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 19:59:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-10 09:16:39 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-10 09:04:19 -------- d-----w- c:\users\ryan\appdata\local\temp
2011-11-10 08:28:24 98816 ----a-w- c:\windows\sed.exe
2011-11-10 08:28:24 518144 ----a-w- c:\windows\SWREG.exe
2011-11-10 08:28:24 256000 ----a-w- c:\windows\PEV.exe
2011-11-10 08:28:24 208896 ----a-w- c:\windows\MBR.exe
2011-11-10 08:28:16 -------- d-----w- C:\ComboFix
2011-11-09 06:35:24 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-09 05:49:32 -------- d-----w- c:\users\ryan\appdata\roaming\Mozilla-Cache
2011-11-09 05:47:14 -------- d-----w- C:\Programs
2011-11-09 03:10:35 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:10:32 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 03:10:30 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 03:07:47 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{910ea4bf-0bf3-42bf-a195-3baa38f40f04}\mpengine.dll
2011-10-15 20:47:19 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-15 20:47:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 20:47:07 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-15 20:47:06 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-15 20:13:38 -------- d-----w- c:\program files\iPod
2011-10-15 20:09:29 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-10-15 20:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 03:42:10 2829 ----a-w- c:\windows\War3Unin.pif
2011-08-22 03:42:09 126976 ----a-w- c:\windows\War3Unin.exe
2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 13:31:41.16 ===============
 
DDS attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/26/2009 3:48:36 PM
System Uptime: 11/10/2011 11:56:30 AM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | N/A | 1867/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 4.758 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_FLASHMEDIA#SDDEVICE1#5&28709844&0&003#
Manufacturer: Microsoft
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_FLASHMEDIA#SDDEVICE1#5&28709844&0&003#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: WPD FileSystem Volume Driver
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&28709844&0&002#
Manufacturer: Microsoft
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&28709844&0&002#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP318: 11/9/2011 10:59:53 PM - Restore Operation
.
==== Installed Programs ======================
.
Leawo MP4 Converter version 3.1.0.0
Update for Microsoft Office 2007 (KB2508958)
Acoustica Effects Pack
Acoustica Mixcraft 5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Alpha Decay
Alps Pointing-device for VAIO
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AviSynth 2.5
Bonjour
CCleaner
Dropbox
FrostWire 4.21.1
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
Hotspot Shield 1.57
iCloud
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
Music Manager
Nuclear Fission
OGA Notifier 2.0.0048.0
PartyPoker
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
Sony Download Taxi 1.5.0.0
Starcraft
System Requirements Lab CYRI
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Veetle TV 0.9.18
Videora iPhone 4 Converter 6
Videora iPod Converter 5.04
VLC media player 1.0.5
Vuze
Vuze Toolbar
Warcraft III
WD SmartWare
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Upload Tool
WinRAR archiver
WinSCP 4.3.2
XBMC
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 6:17:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/9/2011 6:17:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:17:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/9/2011 6:16:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/9/2011 6:16:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/9/2011 6:16:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx truecrypt Wanarpv6 WfpLwf
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 5:14:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
11/9/2011 5:13:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/9/2011 11:22:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/9/2011 10:59:44 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
11/8/2011 8:21:19 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147416365
11/8/2011 7:45:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx truecrypt Wanarpv6 WfpLwf
11/8/2011 5:04:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/7/2011 11:47:08 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/3/2011 5:20:07 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{332725B6-F2FD-4668-9941-9E98FBC250DC} because another computer on the network has the same name. The server could not start.
11/10/2011 12:54:22 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/10/2011 12:35:50 AM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
11/10/2011 12:28:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/10/2011 12:24:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/10/2011 12:24:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/10/2011 12:24:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2011 12:24:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/10/2011 12:24:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr sptd truecrypt Wanarpv6
11/10/2011 12:23:25 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/10/2011 11:57:39 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: Tdx. This service might not be installed.
11/10/2011 11:57:39 AM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
11/10/2011 11:56:51 AM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
11/10/2011 1:30:30 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
11/10/2011 1:30:30 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
11/10/2011 1:28:04 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
11/10/2011 1:12:22 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
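The Service Control Manager errors in the log above form a dependency chain. As an added illustration (not part of the original thread or of any tool used in it), the sketch below reduces those lines to a graph and reports which low-level drivers each failed network service traces back to. The sample lines are copied from the log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages" section of the log above (a subset).
SAMPLE_LOG = """\
11/9/2011 6:17:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx truecrypt Wanarpv6 WfpLwf
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 6:16:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/9/2011 5:13:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/7/2011 11:47:08 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/10/2011 1:30:30 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
11/10/2011 1:28:04 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
"""

HEADER = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), Error: "
    r"Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DEPENDS_FAILED = re.compile(  # event 7001: a dependency failed to start
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<err>.+)$"
)
DEPENDS_MISSING = re.compile(  # event 7003: a dependency is not installed
    r"^The (?P<svc>.+?) service depends the following service: "
    r"(?P<dep>\S+?)\. This service might not be installed\.$"
)
DRIVERS_FAILED = re.compile(r"failed to load: (?P<drivers>.+)$")  # event 7026


def parse_scm_events(text):
    """Return (edges, missing, failed_drivers) from SCM error lines."""
    edges = defaultdict(set)    # service -> dependencies that failed (7001)
    missing = defaultdict(set)  # absent dependency -> services needing it (7003)
    failed_drivers = set()      # driver short names listed in 7026
    for line in text.splitlines():
        head = HEADER.match(line.strip())
        if not head:
            continue  # other providers (DCOM, volsnap, ...) are ignored
        event_id, msg = head["id"], head["msg"]
        if event_id == "7001" and (m := DEPENDS_FAILED.match(msg)):
            edges[m["svc"]].add(m["dep"])
        elif event_id == "7003" and (m := DEPENDS_MISSING.match(msg)):
            missing[m["dep"]].add(m["svc"])
        elif event_id == "7026" and (m := DRIVERS_FAILED.search(msg)):
            failed_drivers.update(m["drivers"].split())
    return dict(edges), dict(missing), failed_drivers


def root_causes(edges, service, _seen=None):
    """Follow 7001 edges from `service` down to the dependencies that have
    no recorded failed dependency of their own, where the chain broke."""
    seen = _seen if _seen is not None else set()
    if service in seen:
        return set()  # guard against cycles in a malformed log
    seen.add(service)
    deps = edges.get(service)
    if not deps:
        return {service}
    roots = set()
    for dep in deps:
        roots |= root_causes(edges, dep, seen)
    return roots


def impact_by_root(edges):
    """Map each root cause to the services that could not start because of it."""
    impact = defaultdict(set)
    for service in edges:
        for root in root_causes(edges, service):
            impact[root].add(service)
    return {root: sorted(services) for root, services in impact.items()}


if __name__ == "__main__":
    edges, missing, failed_drivers = parse_scm_events(SAMPLE_LOG)
    for root, services in sorted(impact_by_root(edges).items()):
        print(f"{root}: blocks {', '.join(services)}")
    for dep, services in sorted(missing.items()):
        print(f"{dep} not installed: needed by {', '.join(sorted(services))}")
    print("tdx failed to load at boot:", "tdx" in failed_drivers)
```

The 7001 chains end at kernel drivers rather than at the user-mode services that report the errors, and the later 7003 events show the Tdx service missing entirely after tdx.sys was moved to the chest.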
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Never run Combofix on your own!

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    tdx.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook

C:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a--- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] cb39e896a2a83702d1737bfd402b3542

-= EOF =-
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys | c:\windows\system32\drivers\tdx.sys

File::

Folder::
c:\program files\AskBarDis

Driver::
ASKService
ASKUpgrade


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-11-09.01 - Ryan 11/11/2011 11:39:32.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1247 [GMT -8:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --> c:\windows\system32\drivers\tdx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ASKService
-------\Service_ASKUpgrade
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 20:06 . 2011-11-11 20:08 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2011-11-11 20:06 . 2011-11-11 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 19:39 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-11-11 08:10 . 2011-11-11 08:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910EA4BF-0BF3-42BF-A195-3BAA38F40F04}\offreg.dll
2011-11-10 21:34 . 2011-11-10 21:34 -------- d-----w- c:\program files\RegTweaker
2011-11-10 19:59 . 2011-11-10 19:59 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2011-11-10 19:59 . 2011-11-10 19:59 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 19:59 . 2011-11-10 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-10 19:59 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 06:35 . 2011-11-09 06:36 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-09 05:49 . 2011-11-09 05:50 -------- d-----w- c:\users\Ryan\AppData\Roaming\Mozilla-Cache
2011-11-09 05:47 . 2011-11-09 05:47 -------- d-----w- C:\Programs
2011-11-09 03:10 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:10 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 03:10 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 03:07 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{910EA4BF-0BF3-42BF-A195-3BAA38F40F04}\mpengine.dll
2011-10-15 20:47 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-15 20:47 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 20:47 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-15 20:47 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-15 20:13 . 2011-10-15 20:13 -------- d-----w- c:\program files\iPod
2011-10-15 20:09 . 2011-10-15 20:09 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 20:20 . 2011-06-11 01:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 03:42 . 2011-08-22 03:42 2829 ----a-w- c:\windows\War3Unin.pif
2011-08-22 03:42 . 2011-08-22 03:42 126976 ----a-w- c:\windows\War3Unin.exe
2011-11-05 06:53 . 2011-04-13 05:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
2011-03-03 07:20 242688 ----a-w- c:\program files\RegTweaker\key.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"googletalk"="c:\users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MusicManager"="c:\users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-09-29 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-06-18 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-12 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-25 436792]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 ccXgui;ccXgui;c:\program files\ccxgui\ccXservice.exe [2004-04-23 173568]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-27 00:22]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 18:49]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 18:49]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148415063-2950945713-2109174141-1000Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 03:20]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1148415063-2950945713-2109174141-1000UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 03:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\pp9zcygj.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.us.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3836)
c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-11-11 12:19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 20:19
ComboFix2.txt 2011-11-10 09:22
.
Pre-Run: 5,078,818,816 bytes free
Post-Run: 4,906,876,928 bytes free
.
- - End Of File - - CB3993156AD916E50EB824FECAA0B646
 
Also, when going to Internet Options I get an error: Explorer.exe Illegal Operation attempted on a registry key that has been marked for deletion.

EDIT: Get the same error message when trying to open any program
 
You have to restart computer to fix that issue.

After restarting....

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and post the result.
 
MiniToolBox by Farbar
Ran by Ryan (administrator) on 11-11-2011 at 14:45:52
Windows 7 Professional Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ryan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-11-24-1C-73
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-1A-80-F8-42-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-BD-AC-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::35aa:a53d:acee:5025%10(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.80.37(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.254
199.185.220.254
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{332725B6-F2FD-4668-9941-9E98FBC250DC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3114ADA3-487B-4C1E-B608-B922E16785C0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{11241C73-C986-4D96-999B-B20B77AF9935}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.254

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.1.254

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
21...00 ff 11 24 1c 73 ......Anchorfree HSS Adapter
11...00 1a 80 f8 42 50 ......Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
10...00 1f 3b bd ac 27 ......Intel(R) Wireless WiFi Link 4965AGN
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.80.37 281
169.254.80.37 255.255.255.255 On-link 169.254.80.37 281
169.254.255.255 255.255.255.255 On-link 169.254.80.37 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.80.37 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.80.37 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::35aa:a53d:acee:5025/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/11/2011 00:11:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15647

Error: (11/11/2011 00:11:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15647

Error: (11/11/2011 00:11:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2011 04:58:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2739892

Error: (11/10/2011 04:58:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2739892

Error: (11/10/2011 04:58:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2011 04:57:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2728380

Error: (11/10/2011 04:57:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2728380

Error: (11/10/2011 04:57:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/10/2011 04:12:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600


System errors:
=============
Error: (11/11/2011 02:44:39 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1075

Error: (11/11/2011 02:44:39 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends the following service: Tdx. This service might not be installed.

Error: (11/11/2011 02:44:36 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1075

Error: (11/11/2011 02:44:36 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends the following service: Tdx. This service might not be installed.

Error: (11/11/2011 02:44:36 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1075

Error: (11/11/2011 02:44:36 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends the following service: Tdx. This service might not be installed.

Error: (11/11/2011 02:44:35 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1075

Error: (11/11/2011 02:44:35 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends the following service: Tdx. This service might not be installed.

Error: (11/11/2011 02:44:35 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1075

Error: (11/11/2011 02:44:35 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends the following service: Tdx. This service might not be installed.


Microsoft Office Sessions:
=========================

**** End of log ****
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 15:20 on 11/11/2011 by Ryan
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"DisplayName"="@%SystemRoot%\system32\drivers\netbt.sys,-2"
"Group"="PNP_TDI"
"ImagePath"="System32\DRIVERS\netbt.sys"
"Description"="@%SystemRoot%\system32\drivers\netbt.sys,-1"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"DependOnService"="Tdx tcpip"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx]
(Unable to open key - key not found)

-= EOF =-
 
It looks like you have the "tdx" key missing from the registry as well.
Do you have another Windows 7 computer you could copy that key from?
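As an added example (not part of any post in this thread), the check behind that diagnosis can be automated: parse a SystemLook `:reg` log, note which service keys were reported as not found, and flag every service whose `DependOnService` value names one of them. The sample log is constructed, abridged from the output quoted above; the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the SystemLook output quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
"DependOnService"="Tdx tcpip"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipsec]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx]
(Unable to open key - key not found)
'''

KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\([^\\\]]+)(\\[^\]]*)?\]$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?(.*?)"?$')

def parse_systemlook(text):
    """Return {service: {'missing': bool, 'values': {name: data}}} for top-level service keys."""
    services, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            # Subkeys (\Parameters, \Enum, ...) are ignored: only the service key itself matters here.
            current = m.group(1).lower() if m.group(2) is None else None
            if current:
                services.setdefault(current, {'missing': False, 'values': {}})
        elif current and line.startswith('(Unable to open key'):
            services[current]['missing'] = True
        elif current and (v := VALUE_RE.match(line)):
            services[current]['values'][v.group(1).lower()] = v.group(2)
    return services

def broken_dependencies(services):
    """Map each present service to the dependencies whose keys were reported missing."""
    missing = {n for n, s in services.items() if s['missing']}
    out = {}
    for name, svc in services.items():
        deps = svc['values'].get('dependonservice', '').lower().split()
        if hit := [d for d in deps if d in missing]:
            out[name] = hit
    return out

print(broken_dependencies(parse_systemlook(SAMPLE_LOG)))
```

Dependencies that were never queried (tcpip in this log) are not reported either way, so the result only covers keys SystemLook was asked to read.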
 
OK, we can try "tdx" from my Vista, but make sure to create a fresh restore point first.

Attached is a zipped tdx.reg file.
Unzip it and double click on tdx.reg.
Allow registry merge.

Restart computer and check your internet connection.
 

Working?

If so....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.